lolcreds

Public credential defaults and exposure patterns for authorized security testing.

Proxmox Virtual Environment

Proxmox Server Solutions GmbHCI/CD5 credentials

Credentials5 documented
01

root@pam Password

proxmox-ve / root-pam-password

Proxmox VE uses Linux PAM accounts for host authentication; the installer creates/uses the root account and root@pam is the default administrative realm identity for the web UI, API, SSH, and console.

user definedgenerated on installsecretusername/password

Location

public interface
Proxmox VE web UI, API, SSH, and console
config file
/etc/shadow

Linux shadow password hash for root and other PAM users

secret store

password managers, cluster deployment vaults, and installer answer files

source code

lab automation, Terraform/Ansible inventories, and cluster bootstrap scripts

logs

installer logs, API client traces, and authentication failure logs

Notes

There is no universal Proxmox root password; it is set during installation or deployment.

02

Proxmox VE API Token

proxmox-ve / pve-api-token

Proxmox VE supports API tokens scoped to a user and token ID. Tokens are commonly used by Terraform, Ansible, backup tooling, and monitoring integrations.

generated on installuser definedsecretAPI key

Looks like

pattern
pattern

Proxmox API token header value containing user, token ID, and secret

PVEAPIToken=[^!\s]+![^=\s]+=\S+
pattern

Proxmox API token secret UUID format commonly returned when a token is generated

^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$

Location

http header
Authorization

PVEAPIToken header used for API token authentication

config file

Terraform provider config, Ansible inventory, .env files, and CLI configs

environment
PM_API_TOKEN_ID, PM_API_TOKEN_SECRET, PROXMOX_VE_API_TOKEN
secret store

CI/CD variables, cloud secret managers, and vault entries

source code

infrastructure-as-code repositories and test fixtures

logs

API client debug logs and CI output

03

Login Ticket and CSRF Prevention Token

proxmox-ve / ticket-and-csrf-token

Password login to the Proxmox API returns a PVEAuthCookie ticket and CSRFPreventionToken for authenticated browser/API sessions.

generated on installsecrettoken

Looks like

pattern
pattern

Proxmox authentication ticket value used in PVEAuthCookie

PVE:[^:]+:[A-Za-z0-9+/=:.%-]+

Location

http header
Cookie

PVEAuthCookie session ticket

http header
CSRFPreventionToken

CSRF token required for mutating API requests with ticket authentication

http response
Set-Cookie

PVEAuthCookie returned by API login

logs

HTTP traces and API client debug output

04

Cluster Authentication Key / Certificate Material

proxmox-ve / cluster-auth-key

Proxmox clusters maintain authentication keys and certificate material under /etc/pve/priv used by pvedaemon, pveproxy, and cluster nodes. Exposure may permit impersonation or decryption depending on the file.

generated on installsecretkey pair

Looks like

pattern
pattern

private key material from Proxmox cluster or node key files

-----BEGIN (RSA |OPENSSH |EC |)PRIVATE KEY-----

Location

config file
/etc/pve/priv/

cluster private keys, auth keys, and certificate material replicated through pmxcfs

secret store

node backups and cluster recovery vaults

artifact

Proxmox backup archives and support bundles

05

Storage, Backup, and Integration Secrets

proxmox-ve / storage-backup-secrets

Proxmox VE stores credentials for storage backends, Proxmox Backup Server, Ceph/RBD, CIFS, LDAP/AD realms, ACME DNS plugins, and notification targets.

user definedsecretsecret value

Location

config file

/etc/pve/storage.cfg, /etc/pve/priv/storage/*, realm.cfg, acme plugin config, and backup job config

secret store

cluster secret files under /etc/pve/priv and external vaults

source code

cluster provisioning scripts and IaC modules

logs

task logs, backup logs, and storage connection errors

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.