Scope
Credential facts for authorized work.
LOLCreds catalogs public, sourced credential behavior so defenders and authorized testers can identify exposure, verify configuration, and remove unsafe defaults.
What belongs here
- Vendor-documented default usernames, passwords, keys, tokens, or setup states.
- Public CVE, advisory, or documentation references for credential behavior.
- Credential locations, patterns, and impact notes that help fix exposure.
What does not belong here
- Breach data or real leaked secrets.
- Unsourced claims about default credentials.
- Undisclosed vulnerabilities or exploit-only instructions.
- Credentials tied to live third-party systems.
Credibility moat
Every default is sourced.
A default without a durable public source should look broken in the interface and be treated as incomplete data. The useful claim is not only the value; it is the value with its source.