lolcreds

Public credential defaults and exposure patterns for authorized security testing.

Juniper Junos OS

Juniper Networksnetwork5 credentials

Credentials5 documented
01

Root Authentication Password / SSH Key

juniper-junos / root-authentication

Junos stores the root login authentication material under system root-authentication. Deployments commonly use an encrypted root password and/or SSH public keys for emergency and direct device administration.

user definedsecretusername/password

Looks like

pattern
pattern

Junos configuration stanza that contains root encrypted-password or ssh-rsa/ssh-ed25519 keys

^\s*root-authentication\s*\{
pattern

Junos encrypted password hash line; context determines root versus named user

^\s*encrypted-password\s+"?\$[156y]\$[^";]+"?;

Location

config file

Junos candidate/active configuration under system root-authentication

public interface
SSH / console / J-Web

Administrative login interfaces using the configured root authentication

artifact

configuration backups, rescue configs, network automation exports

Notes

No universal Junos root password is modeled here; operators configure root authentication during installation or deployment.

02

Local User Password / SSH Key

juniper-junos / local-user-password

Junos local login users are configured under system login user with class/uid and password or SSH key authentication. These accounts are used for CLI, SSH, J-Web, NETCONF, and automation access.

user definedsecretusername/password

Looks like

pattern
pattern

Junos system login user stanza

^\s*user\s+\S+\s*\{
pattern

encrypted password hash inside a system login user authentication stanza

^\s*encrypted-password\s+"?\$[156y]\$[^";]+"?;
pattern

SSH public key associated with a local Junos user

^\s*ssh-(rsa|dss|ecdsa|ed25519)\s+"?[^";]+"?;

Location

config file

system login user authentication stanzas in Junos configuration

public interface
SSH / J-Web / NETCONF

Administrative interfaces that accept local user credentials

artifact

config archives, golden configs, lab configs, and network-as-code repositories

03

SNMP Community String

juniper-junos / snmp-community

Junos SNMPv1/v2c community names are shared secrets that provide read-only or read-write monitoring access depending on authorization configuration.

user definedsecretsecret value

Looks like

pattern
pattern

SNMP community stanza in Junos configuration; the community name is the shared secret

^\s*community\s+\S+\s*\{

Location

config file

snmp community configuration in Junos

source code

monitoring templates and network automation configs

artifact

device configuration backups

04

RADIUS / TACACS+ Shared Secret

juniper-junos / aaa-shared-secret

Junos devices use shared secrets when talking to RADIUS or TACACS+ servers for AAA. The secret authenticates the network device to the AAA server and commonly appears in reusable configuration templates.

user definedsecretsecret value

Looks like

pattern
pattern

Junos AAA server shared secret line; the secret follows the secret keyword

^\s*(radius-server|tacplus-server)\s+\S+\s+secret\s+"?[^";]+"?;

Location

config file

access radius-server / tacplus-server or system authentication-order related AAA configuration

source code

AAA bootstrap templates and network-as-code repositories

artifact

configuration backups and migration exports

05

VPN / Routing Protocol Shared Secret

juniper-junos / vpn-routing-shared-secret

Junos configurations can contain IKE/IPsec pre-shared keys and routing protocol authentication keys for BGP, OSPF, IS-IS, and other peer relationships.

user definedsecretsecret value

Looks like

pattern
pattern

Junos IKE/IPsec pre-shared key in security ike policy/keyring context

pre-shared-key\s+(ascii-text|hexadecimal)\s+"?[^";]+"?;
pattern

routing protocol authentication key; surrounding protocol stanza identifies BGP/OSPF/IS-IS/etc.

authentication-key\s+"?[^";]+"?;

Location

config file

security ike/ipsec and protocol authentication stanzas in Junos configuration

artifact

config backups, migration bundles, and HA replacement configs

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.