lolcreds

Public credential defaults and exposure patterns for authorized security testing.

MySQL

Oracledatabase2 credentials

Credentials2 documented
01

MySQL Account Password

mysql / account-password

MySQL accounts authenticate with passwords assigned by account-management statements such as CREATE USER and ALTER USER. MySQL documents CREATE USER ... IDENTIFIED BY for assigning account passwords and stores internal credentials in grant tables such as mysql.user.

user definedsecretusername/password

Looks like

pattern
pattern

MySQL CREATE USER statement assigning a password; the password value itself has no MySQL-specific shape

CREATE\s+USER\s+'[^'\r\n]+'@'[^'\r\n]+'\s+IDENTIFIED\s+BY\s+'[^'\r\n]+'
pattern

MySQL ALTER USER statement changing a password

ALTER\s+USER\s+'[^'\r\n]+'@'[^'\r\n]+'\s+IDENTIFIED\s+BY\s+'[^'\r\n]+'

Location

database
mysql.user.authentication_string

internal credential verifier storage for MySQL accounts, depending on authentication plugin

config file

application config, .env files, JDBC/DSN connection strings, and deployment manifests

environment
MYSQL_PWD, MYSQL_USER, MYSQL_PASSWORD, MYSQL_ROOT_PASSWORD, DATABASE_URL
secret store

Kubernetes Secrets, cloud secret managers, CI/CD variables, and database password vault entries

source code

application connection strings, migration scripts, test fixtures, and accidentally committed configs

logs

failed connection traces, ORM debug logs, and CI output

public interface
tcp/3306

MySQL client protocol login endpoint

Notes

There is no universal MySQL server default password. Container images, appliances, or installers may generate or require deployment-specific root passwords that should be modeled separately when sourced.

02

Client Option File / Login Path Password

mysql / option-file-password

MySQL clients can read connection options from option files, and MySQL documents .mylogin.cnf login paths that permit host, user, password, port, and socket options. Command options also include --password for connecting to a server.

user definedsecretusername/password

Looks like

pattern
pattern

MySQL option-file password assignment; context identifies it as MySQL client credentials

^password\s*=\s*[^\r\n]+$
pattern

MySQL connection URL containing username and password

mysql://[^\s:@]+:[^\s@]+@[^\s/]+

Location

config file
~/.my.cnf, .mylogin.cnf, my.cnf

MySQL client option files and encrypted login-path file

environment
MYSQL_TEST_LOGIN_FILE, MYSQL_PWD

overrides login path file location or supplies client password

secret store

deployment secrets and workstation credential stores that materialize MySQL option files

source code

accidentally committed option files, Docker contexts, and test configuration

logs

shell history, command traces, and debug output containing --password or connection URLs

Notes

MySQL discourages exposing passwords on command lines because they can leak through process listings, shell history, and logs.

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.