lolcreds

Public credential defaults and exposure patterns for authorized security testing.

IBM Db2

IBMdatabase4 credentials

Credentials4 documented
01

Database User Password

ibm-db2 / database-user-password

Db2 authenticates users through the operating system, LDAP, Kerberos, or external security plugins; database and instance administration uses OS or directory identities such as the instance owner and application users.

user definedgenerated on installsecretusername/password

Location

public interface
Db2 CLP, JDBC/ODBC, DRDA, Data Server Manager, and administrative tools
database

catalog grants, roles, trusted contexts, and auth metadata tied to external user identities

config file

db2dsdriver.cfg, JDBC properties, ODBC DSNs, app server data sources, and scripts

secret store

keystores, password vaults, Kubernetes Secrets, and OS credential stores

logs

db2diag.log, audit logs, client traces, and application connection errors

Notes

Db2 normally delegates password verification to OS/LDAP/Kerberos rather than storing a universal database password.

02

Application Data Source Secret

ibm-db2 / application-datasource-secret

Applications and middleware store Db2 usernames/passwords or Kerberos keytab references for database access.

user definedsecretusername/password

Location

config file

application properties, WebSphere/JBoss data sources, db2cli.ini, db2dsdriver.cfg, and connection profiles

environment
DB2_USER, DB2_PASSWORD, DATABASE_URL
secret store

CI/CD variables, vaults, and cloud secret managers

source code

application repositories, tests, and deployment manifests

logs

JDBC/ODBC debug output and application error logs

03

SSL Keystore / Private Key

ibm-db2 / ssl-keystore-and-private-key

Db2 supports SSL/TLS and certificate-based authentication that rely on server/client keystores, private keys, and keystore passwords.

generated on installuser definedsecretkey pair

Looks like

pattern
pattern

private key material used by Db2 SSL/TLS clients or servers

-----BEGIN (RSA |EC |ENCRYPTED |)PRIVATE KEY-----

Location

config file

Db2 SSL_SVR_KEYDB, SSL_SVR_STASH, client keystores, and TLS configuration

secret store

GSKit key databases, stash files, certificate vaults, and HSMs

artifact

database server backups and support bundles

04

Federation, HADR, and Backup Secrets

ibm-db2 / federation-and-backup-secrets

Db2 environments may store federation server credentials, HADR/replication secrets, backup encryption keys, and storage credentials.

user definedgenerated on installsecretsecret value

Location

database

federated server/user mappings and catalog metadata

config file

replication configs, backup scripts, encryption key manager config, and storage profiles

secret store

backup vaults, key managers, and cloud secret stores

logs

replication, backup, and restore logs

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.