RabbitMQ
Broadcom / VMware Tanzumiddleware3 credentials1 default credential
Default guest User
rabbitmq / default-guest-user
RabbitMQ documents a default pair of credentials called the default user. The default guest user is restricted to local connections in modern RabbitMQ deployments unless loopback restrictions are changed.
Default credentials
guest:guestLocation
AMQP 5672, management UI 15672RabbitMQ broker and management login surfaces
rabbitmq.conf settings that relax loopback_users or configure default users
Docker Compose files, tutorials, and local dev configurations
connection logs and management authentication failures
Notes
Treat guest/guest as high-risk when reachable remotely or when loopback restrictions are disabled.
RabbitMQ User Password
rabbitmq / user-password
RabbitMQ clients authenticate with a username/password pair, JWT token, or x.509 certificate. RabbitMQ documents rabbitmqctl add_user and rabbitmqadmin users declare for creating users and setting passwords.
Looks like
patternrabbitmqctl\s+add_user\s+[^\s]+\s+[^\s]+Location
definitions.json, rabbitmq.conf, advanced.config, Helm values, and Docker Compose files
RABBITMQ_DEFAULT_USER, RABBITMQ_DEFAULT_PASS, RABBITMQ_USER, RABBITMQ_PASSWORDKubernetes Secrets, Docker secrets, cloud secret managers, and vault entries
broker definitions, deployment scripts, tests, and accidentally committed configs
broker connection logs, management API traces, and CI output
AMQP 5672, management UI/API 15672Notes
User permissions are scoped by virtual host and tags; management UI access additionally depends on user tags.
OAuth 2 / JWT Access Token
rabbitmq / oauth-jwt-token
RabbitMQ can authenticate clients and management UI users with OAuth 2.0 JWT tokens. RabbitMQ documents JWT token credentials and management UI OAuth authorization code flows.
Location
AuthorizationBearer JWT used for management UI/API or OAuth-enabled clients
rabbitmq.conf OAuth provider and resource server settings
OAuth client secrets, Kubernetes Secrets, and vault entries
management UI OAuth logs and broker authentication traces
Notes
JWT blast radius depends on token scopes, resource server configuration, and mapped RabbitMQ permissions.
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.