GLPI
Teclibenterprise app3 credentials1 default credential
Default Local Accounts
glpi / default-local-accounts
Fresh GLPI installations include built-in local accounts used to sign in before the operator changes or disables them.
Default credentials
glpi:glpiLocation
GLPI web login and API session initGLPI users table storing password verifier data
deployment inventories, Docker Compose files, and installer notes
database dumps and application backups
Notes
Other documented initial accounts commonly include tech/tech, normal/normal, and post-only/postonly; the default block records the administrative glpi/glpi account.
API App Token / Session Token
glpi / api-app-token
GLPI REST API clients can use application tokens and user authentication to obtain session tokens for API access.
Location
App-TokenApplication token used with GLPI API calls
Session-TokenSession token returned by initSession
GLPI API client and session tables
integration scripts, .env files, monitoring configs, and CMDB sync jobs
GLPI_APP_TOKEN, GLPI_SESSION_TOKEN, GLPI_USER_TOKENCI/CD variables and integration vaults
API client traces and web server access logs
LDAP, Mail Receiver, and Database Secrets
glpi / ldap-mail-database-secrets
GLPI deployments store LDAP bind credentials, mail receiver passwords, and database credentials for runtime and integrations.
Location
config/config_db.php, LDAP configuration, mail receiver setup, and deployment manifests
GLPI tables holding encrypted or protected integration settings
Kubernetes Secrets, vault entries, and password managers
Docker Compose files, Helm values, and automation repos
setup logs, sync errors, and mail receiver debug logs
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.