lolcreds

Public credential defaults and exposure patterns for authorized security testing.

F5 BIG-IP

F5network5 credentials1 default credential

Credentials5 documented
01

Default admin/root Credentials

f5-big-ip / default-admin-root

F5 BIG-IP systems have documented default local credentials for initial management access that must be changed during setup and hardening.

static defaultuser definedsecretusername/password

Default credentials

admin:admin

Location

public interface
BIG-IP Configuration utility, SSH, TMOS shell, iControl REST, and console
config file

BIG-IP user configuration, UCS archives, and onboarding declarations

artifact

UCS/QKView/support bundles and device backups

Notes

F5 documentation also discusses root/default on affected versions/platforms; the default block records the web/admin default admin/admin.

02

Local BIG-IP User Password

f5-big-ip / local-user-password

BIG-IP local users authenticate to the GUI, SSH, tmsh, and iControl REST according to assigned roles and partitions.

user definedsecretusername/password

Looks like

pattern
pattern

tmsh BIG-IP local user stanza in configuration or UCS exports

^auth user \S+ \{

Location

config file

bigip_user.conf, bigip.conf, SCF files, DO declarations, and UCS archives

public interface
GUI, SSH, tmsh, iControl REST, and console
secret store

password managers and automation vaults

logs

audit logs, restjavad logs, ssh logs, and auth failures

03

iControl REST Token

f5-big-ip / icontrol-rest-token

BIG-IP iControl REST clients can obtain authentication tokens for API automation. Tokens act as bearer credentials until expiration or revocation.

generated on installsecrettoken

Location

http header
X-F5-Auth-Token

iControl REST authentication token

http header
Authorization

Basic credentials or bearer-style auth used to obtain/use REST tokens

config file

automation scripts, Terraform/Ansible provider configs, and .env files

environment
F5_TOKEN, F5_PASSWORD, BIGIP_TOKEN
secret store

CI/CD variables and vault entries

logs

REST debug logs and HTTP traces

04

Device Trust / SSL Private Keys

f5-big-ip / device-trust-and-ssl-keys

BIG-IP stores device trust certificates, SSL profile private keys, appliance certs, and related passphrases used for traffic termination and cluster trust.

generated on installuser definedsecretkey pair

Looks like

pattern
pattern

private key material from BIG-IP SSL/device trust key files

-----BEGIN (RSA |EC |ENCRYPTED |)PRIVATE KEY-----

Location

config file
/config/ssl/ssl.key/, /config/ssl/ssl.crt/

BIG-IP SSL keys, device certs, and trust material

secret store

UCS archives, certificate vaults, and HSM integrations

artifact

UCS backups, SCF files, and support bundles

05

SNMP / LDAP / RADIUS / TACACS+ Secrets

f5-big-ip / snmp-ldap-radius-secrets

BIG-IP stores SNMP communities, AAA bind passwords, RADIUS/TACACS+ shared secrets, and monitor credentials for management and traffic features.

user definedsecretsecret value

Location

config file

bigip.conf, bigip_base.conf, auth source config, monitor definitions, and UCS archives

secret store

automation vaults and password managers

source code

AS3/DO declarations and network automation repos

logs

AAA, monitor, and SNMP debug logs

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.