SAP NetWeaver Application Server ABAP
SAPenterprise app5 credentials2 default credentials
SAP* Emergency / Default Client User
sap-netweaver-abap / sap-star-default-client-user
ABAP systems contain special built-in users such as SAP* used for emergency access and client administration. Public SAP documentation describes securing standard users and changing default passwords immediately after installation.
Default credentials
SAP*:PASSLocation
SAP GUI, RFC, WebGUI, ICF services, and ABAP login screensABAP user master tables such as USR02/USRACL and client-dependent user records
installation guides, client copy scripts, and system provisioning files
security audit log, SM20/SM21 events, RFC traces, and gateway logs
Notes
SAP* behavior depends on client/user-master state and profile parameters. Treat this as a known standard-user default requiring post-install hardening, not as evidence that every system accepts it.
DDIC / EARLYWATCH Standard User Password
sap-netweaver-abap / ddic-earlywatch-standard-users
ABAP installations include standard technical users such as DDIC and EARLYWATCH whose default or initial passwords are commonly targeted and must be changed during system hardening.
Location
SAP GUI, RFC, WebGUI, and administrative transactionsABAP user master and password hash tables
client copies, system refresh exports, and audit extracts
Notes
Known initial passwords vary by release/client and are included in SAP hardening guidance; avoid assuming they remain valid after proper installation hardening.
ABAP Dialog/System User Password Hash
sap-netweaver-abap / abap-user-password-hash
NetWeaver ABAP stores dialog, system, communication, service, and reference user credentials in user master tables. These users drive SAP GUI, RFC, background jobs, integrations, and service accounts.
Looks like
pattern\bUSR02\b|\bBCODE\b|\bPASSCODE\b|\bPWDSALTEDHASH\bLocation
USR02 and related ABAP user/password tables
SAP GUI, RFC, ICF, OData, WebGUI, and application loginsRFC destinations, background job variants, interface configs, and provisioning files
SAP Secure Storage, password vaults, and automation secrets
security audit log, RFC traces, gateway logs, and job logs
RFC Destination Credential
sap-netweaver-abap / rfc-destination-credential
ABAP systems store RFC destination credentials for trusted and password-based connections to SAP and non-SAP systems.
Location
RFC destination configuration and protected password storage
transport exports, interface documentation, and provisioning scripts
SAP Secure Storage and enterprise vaults
SM59 tests, RFC traces, and interface error logs
PSE / SNC / SSL Private Key
sap-netweaver-abap / pse-snc-ssl-private-key
ABAP application servers use PSE private keys and certificates for SSL/TLS, SNC, SSO, and trusted RFC communication.
Looks like
pattern-----BEGIN (RSA |EC |ENCRYPTED |)PRIVATE KEY-----\.pse$Location
SECUDIR PSE files such as SAPSSLS.pse, SAPSNCS.pse, and STRUST-managed stores
SAP Cryptographic Library PSEs, HSM/vault-backed keys, and certificate stores
system backups, exports, and support bundles
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.