lolcreds

Public credential defaults and exposure patterns for authorized security testing.

Nagios

Nagios Enterprisesmonitoring3 credentials

Credentials3 documented
01

CGI Web User Password

nagios / cgi-basic-auth-user

Nagios Core CGIs rely on web server authentication. Nagios documents authenticated users as users who authenticate to the web server with a username and password and then receive Nagios CGI authorization according to contacts and configuration.

user definedsecretusername/password

Looks like

pattern
pattern

Apache htpasswd MD5 entry commonly used for Nagios CGI Basic authentication

^[^:\r\n]+:\$apr1\$[^:\r\n]+$
pattern

bcrypt htpasswd entry for Nagios web authentication

^[^:\r\n]+:\$2[aby]\$[^:\r\n]+$

Location

config file
htpasswd.users, nagios.conf, cgi.cfg

web server Basic-auth password file and Nagios CGI authorization config

public interface
/nagios, /nagios/cgi-bin

Nagios web interface and CGI endpoints

secret store

web server password stores and configuration management vaults

source code

deployment scripts, Ansible roles, Docker Compose files, and committed Nagios configs

logs

web server access/error logs and authentication troubleshooting output

Notes

nagiosadmin is a commonly created administrator username in quickstart guides, but its password is user-defined and not a universal default.

02

resource.cfg $USERn$ Macro Secret

nagios / resource-file-secret

Nagios Core resource files can contain $USERn$ macro definitions. Nagios documents these macros as useful for storing usernames, passwords, and common command-definition items, and notes that CGIs do not read resource files so restrictive permissions can protect them.

user definedsecretsecret value

Looks like

pattern
pattern

Nagios resource.cfg USER macro assignment that may hold passwords or API tokens

^\$USER\d+\$\s*=\s*[^\r\n]+

Location

config file
resource.cfg

Nagios resource file containing $USERn$ macro definitions

secret store

configuration management vaults and deployment secrets that render resource.cfg

source code

committed monitoring configs, plugin command definitions, and infrastructure repositories

logs

plugin debug output and command-line traces if macros are expanded into commands

Notes

Resource macros often contain credentials for monitored systems or notification services rather than Nagios login credentials.

03

Plugin Command Credential

nagios / plugin-command-credential

Nagios checks and notification commands frequently embed credentials for monitored services, agents, or APIs. Nagios command definitions can expand resource macros or arguments into plugin command lines.

user definedsecretsecret value

Location

config file

commands.cfg, services.cfg, resource.cfg, NRPE configs, and custom plugin config

source code

monitoring repositories, custom plugins, shell scripts, and committed command definitions

secret store

vault entries and configuration management secrets used to render Nagios configs

logs

debug logs, process listings, and plugin output containing command arguments

Notes

These credentials can be database passwords, SNMP communities, API tokens, or service-account passwords used by monitoring plugins.

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.