Adobe Experience Manager
Adobecms4 credentials1 default credential
Default Administrator Account
adobe-experience-manager / default-admin
AEM quickstart installations include the built-in admin account used for initial author/publish administration. Adobe hardening guidance calls out changing default passwords and securing default accounts.
Default credentials
admin:adminLocation
AEM author/publish login, CRXDE Lite, Felix console, Package Manager, and Sling endpointsJCR/Oak repository user and token nodes
quickstart startup scripts, OSGi configs, runmode configs, and provisioning files
AEM package exports, repository backups, and quickstart snapshots
Notes
admin/admin is an initial/development credential and should be changed or disabled for production hardening.
Repository / Service User Password
adobe-experience-manager / repository-user-password
AEM stores local repository users, service users, and application accounts in the JCR/Oak repository for authoring, replication, package management, and integrations.
Location
JCR/Oak repository users, groups, rep:password hashes, and service user mappings
AEM login, Sling servlets, CRXDE, package manager, and replication endpointspassword vaults, Cloud Manager variables, and deployment secrets
content packages, repoinit scripts, tests, and runmode configs
request.log, audit logs, error.log, and authentication traces
OSGi, Crypto Support, and Integration Secrets
adobe-experience-manager / osgi-and-crypto-secrets
AEM OSGi configurations can hold SMTP passwords, LDAP bind credentials, dispatcher flush secrets, OAuth/client secrets, database credentials, replication agent passwords, and the Crypto Support master key material.
Looks like
pattern\{[A-Za-z0-9+/=]+\}Location
crx-quickstart/launchpad/config, crx-quickstart/confOSGi configs, runmode configs, crypto keys, and connector settings
JCR configuration nodes for replication agents and integration credentials
AEM Crypto Support, Cloud Manager secrets, Kubernetes Secrets, and vaults
committed OSGi config files, content packages, and deployment repos
replication, LDAP, mail, and connector debug logs
Login Token / OAuth Token
adobe-experience-manager / api-session-token
AEM issues login tokens and may store OAuth/access tokens for integrations with Adobe and third-party services.
Location
CookieAEM login-token and session cookies
AuthorizationBearer/OAuth tokens used by integrations and Sling clients
JCR token nodes and OAuth/client credential storage
HTTP traces, request logs, and client debug output
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.