lolcreds

Public credential defaults and exposure patterns for authorized security testing.

DokuWiki

DokuWikicms3 credentials

Credentials3 documented
01

Local User Password Hash

dokuwiki / local-user-password-hash

DokuWiki local authentication stores users and password hashes in users.auth.php unless another auth plugin is configured.

user definedsecretusername/password

Looks like

pattern
pattern

DokuWiki users.auth.php line with login, password hash, name, email, and groups

^[^:#\s]+:[^:]+:[^:]*:[^:]*:.*$

Location

config file
conf/users.auth.php

local DokuWiki user credential file

public interface
DokuWiki login and XML-RPC/API access
artifact

wiki backups and configuration archives

02

Superuser / Auth Plugin Credential

dokuwiki / superuser-and-auth-config

DokuWiki configuration can define superuser identities and external auth plugin settings such as LDAP bind DN/password, database credentials, or SSO shared secrets.

user definedsecretsecret value

Looks like

pattern
pattern

DokuWiki superuser setting; identity is not a password but marks privileged accounts

\$conf\[\'superuser\'\]\s*=\s*[\'\"][^\'\"]+[\'\"]
pattern

DokuWiki config setting carrying a password or secret

\$conf\[[\'\"][^\'\"]*(pass|password|secret)[^\'\"]*[\'\"]\]\s*=\s*[\'\"][^\'\"]+[\'\"]

Location

config file
conf/local.php, conf/plugins.local.php

superuser, auth plugin, LDAP, database, SMTP, and integration settings

secret store

deployment vaults and password managers

source code

configuration management repos and Docker Compose files

logs

auth plugin debug logs and web server traces

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.