lolcreds

Public credential defaults and exposure patterns for authorized security testing.

VMware ESXi / vCenter Server

VMware / BroadcomCI/CD5 credentials

Credentials5 documented
01

ESXi Root Password

vmware-vsphere / esxi-root-password

ESXi hosts use a local root account for direct host administration. The root password is set during installation or deployment and is governed by ESXi password complexity and account lockout policy.

user definedgenerated on installsecretusername/password

Location

public interface
ESXi Host Client, DCUI, SSH, ESXi Shell, and API
config file

/etc/shadow on ESXi host backups and host profiles where applicable

secret store

password managers, Auto Deploy/host profile secrets, and deployment vaults

source code

Kickstart scripts, Terraform/Ansible inventories, and lab automation

logs

installer logs, host connection errors, and automation traces

Notes

There is no universal ESXi root password; it is chosen during installation, scripted deployment, or image provisioning.

02

vCenter Single Sign-On Administrator Password

vmware-vsphere / vcenter-sso-administrator

vCenter Server creates a Single Sign-On domain during installation. The administrator account, commonly administrator@vsphere.local, has vCenter SSO administrative privileges and its password is set during deployment.

user definedgenerated on installsecretusername/password

Location

public interface
vSphere Client, vCenter API, and SSO endpoints
database

vCenter identity/SSO stores and appliance configuration state

config file

VCSA deployment JSON, installer answer files, and backup/restore configuration

secret store

password managers and deployment vaults

source code

VCSA unattended install templates and lab automation

logs

installer logs, SSO setup logs, and API client traces

03

vCenter API Session Token

vmware-vsphere / vcenter-session-token

vCenter REST and SOAP clients obtain session tokens/cookies for API access. Leaked sessions can allow operations as the authenticated user until expiration or revocation.

generated on installsecrettoken

Location

http header
vmware-api-session-id

vCenter REST API session identifier header

http header
Cookie

SOAP/VI SDK session cookie such as vmware_soap_session

logs

API client debug logs, HTTP traces, and CI output

config file

CLI caches and automation client state

04

Host, vCenter, and Integration Secrets

vmware-vsphere / host-vcenter-integration-secrets

vSphere environments store credentials for ESXi host connections, vCenter extensions, backup products, vpxuser host management, and external identity/LDAP integrations.

generated on installuser definedsecretsecret value

Location

database

vCenter Server database and SSO/solution user stores

config file

VCSA configuration files, extension registrations, backup configs, and identity source settings

secret store

solution user certificates, key stores, and password vaults

source code

automation manifests and integration test configs

logs

vpxd, SSO, LDAP, backup, and extension logs when debug output is enabled

05

ESXi/vCenter SSH Keys and Solution Certificates

vmware-vsphere / ssh-private-keys-and-certificates

ESXi and vCenter appliances use SSH keys, machine SSL certificates, solution user certificates, and trust-store secrets for administrative access and service-to-service authentication.

generated on installuser definedsecretkey pair

Looks like

pattern
pattern

private key material from ESXi/vCenter appliance or automation key files

-----BEGIN (RSA |OPENSSH |EC |)PRIVATE KEY-----

Location

config file

VCSA and ESXi appliance key stores, SSH config, and certificate directories

secret store

VECS certificate stores, backup vaults, and password managers

artifact

support bundles, backups, and exported certificates/keys

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.