lolcreds

Public credential defaults and exposure patterns for authorized security testing.

OpenAM

Open Identity Platformidentity4 credentials

Credentials4 documented
01

OpenAM Administrator Password

openam / amadmin-password

OpenAM installation requires passwords for the default OpenAM administrator, amadmin, and default Policy Agent users. OpenAM documents logging in as the administrator with the password provided during setup.

generated on installuser definedsecretusername/password

Default credentials

amadmin:(set during configuration)

Location

public interface
/openam

OpenAM administration console and authentication endpoints

database

OpenAM configuration store or directory service containing admin and agent account data

config file

OpenAM bootstrap/configuration files, install properties, and deployment scripts

secret store

container secrets, cloud secret managers, configuration vaults, and CI/CD variables

source code

install automation, Docker Compose files, and committed configuration samples

logs

installation logs and configuration wizard output

Notes

The default block records the built-in administrator username, not a static password. The password is operator-supplied during configuration.

02

Policy Agent Password

openam / policy-agent-password

OpenAM installation asks for a password for default Policy Agent users. Policy agents use configured credentials to authenticate to OpenAM for policy enforcement and agent profile operations.

generated on installuser definedsecretusername/password

Location

config file

policy agent profiles, agent bootstrap properties, and container deployment config

database

OpenAM configuration store entries for agent profiles and credentials

secret store

agent installation password files, vault entries, and Kubernetes Secrets

source code

committed agent configs and install scripts

logs

policy agent installation and connection troubleshooting logs

Notes

Agent credentials can permit policy agent impersonation or unauthorized access to protected resource configuration.

03

OAuth/OIDC Client Secret

openam / oauth-client-secret

OpenAM supports OAuth2 and OIDC applications and authentication modules. Client integrations commonly use client IDs and client secrets issued or configured in OpenAM realms.

generated on installsecretsecret value

Location

database

OpenAM configuration store holding OAuth2/OIDC client profiles

config file

application config, realm exports, .env files, and deployment manifests

environment
OPENAM_CLIENT_ID, OPENAM_CLIENT_SECRET
secret store

application secret stores, CI/CD variables, and cloud secret managers

source code

OAuth examples, tests, and accidentally committed app config

logs

token exchange traces and authentication debugging output

Notes

Client secret exposure can allow impersonation of the relying party in OAuth/OIDC token exchange flows.

04

Directory Store Bind Password

openam / directory-bind-password

OpenAM custom configuration can connect to an LDAP directory service. OpenAM installation docs include Login ID and Password for the directory administrator user used to update schema and user data.

user definedsecretusername/password

Location

config file

OpenAM install properties and directory-service connection configuration

secret store

LDAP bind password vault entries and deployment secrets

source code

install automation and committed configuration files

logs

installer logs and LDAP connection troubleshooting output

Notes

Directory administrator credentials may grant broad read/write access to identity data, schema, and user credentials.

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.