lolcreds

Public credential defaults and exposure patterns for authorized security testing.

What belongs here

  • Vendor-documented default usernames, passwords, keys, tokens, or setup states.
  • Public CVE, advisory, or documentation references for credential behavior.
  • Credential locations, patterns, and impact notes that help fix exposure.

What does not belong here

  • Breach data or real leaked secrets.
  • Unsourced claims about default credentials.
  • Undisclosed vulnerabilities or exploit-only instructions.
  • Credentials tied to live third-party systems.

Credibility moat

Every default is sourced.

A default without a durable public source should look broken in the interface and be treated as incomplete data. The useful claim is not only the value; it is the value with its source.