lolcreds

Public credential defaults and exposure patterns for authorized security testing.

Cloudera Manager

Clouderaenterprise app4 credentials1 default credential

Credentials4 documented
01

Default Cloudera Manager Administrator

cloudera-manager / default-admin

Cloudera Manager initial deployments commonly use the admin account for first login before operators change the password and configure external authentication.

static defaultuser definedsecretusername/password

Default credentials

admin:admin

Location

public interface
Cloudera Manager Admin Console and REST API
database

Cloudera Manager database user/password and auth tables

config file

installation notes, scm_prepare_database output, and deployment automation

logs

cloudera-scm-server logs, audit logs, and API traces

Notes

admin/admin is an initial credential pattern and should be changed immediately during installation/hardening.

02

Cloudera Manager User / Service Account Password

cloudera-manager / cm-user-password

Cloudera Manager users and service accounts authenticate to the admin console, API, and managed cluster services. External LDAP/AD/Kerberos may be configured.

user definedgenerated on installsecretusername/password

Location

public interface
Cloudera Manager UI, REST API, agent/server endpoints, and service UIs
database

Cloudera Manager database storing users, roles, and encrypted service config values

config file

cloudera-scm-server db.properties, LDAP config, and service configuration files

secret store

Cloudera Manager credential storage, password vaults, and Kerberos keytabs

logs

server, agent, audit, LDAP, and API logs

03

API Basic Auth / Session Credential

cloudera-manager / api-session-basic-auth

Cloudera Manager REST API clients often use Basic authentication with a CM user password or session cookies for automation.

user definedgenerated on installsecrettoken

Location

http header
Authorization

Basic credentials for Cloudera Manager API calls

http header
Cookie

Cloudera Manager web/API session cookies

config file

cm_api scripts, Ansible, Terraform, .env files, and monitoring configs

environment
CM_USERNAME, CM_PASSWORD, CLOUDERA_MANAGER_PASSWORD
secret store

CI/CD variables and automation vaults

logs

HTTP traces and API client debug logs

04

Kerberos Keytab / Service Secret

cloudera-manager / kerberos-keytab-and-service-secrets

Secure Cloudera clusters use Kerberos principals, keytabs, TLS private keys, LDAP bind passwords, database passwords, cloud storage keys, and service-specific secrets managed through Cloudera Manager.

generated on installuser definedsecretkey pair

Looks like

pattern
pattern

Kerberos keytab file path or artifact used by Hadoop/Cloudera services

\.keytab$
pattern

TLS private key for Cloudera Manager or managed service endpoints

-----BEGIN (RSA |EC |ENCRYPTED |)PRIVATE KEY-----

Location

config file

service keytabs, TLS key files, krb5.conf, db.properties, and generated service configs

secret store

Cloudera Manager credential store, KDC/keytab stores, Java keystores, and vaults

artifact

cluster backups, parcels/config exports, and diagnostic bundles

logs

Kerberos, TLS, LDAP, and service startup logs

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.