Memcached
Memcacheddatabase4 credentials
Unauthenticated Cache Access
memcached / unauthenticated-default
Memcached commonly accepts client commands without authentication unless SASL, TLS client authentication, or an external access-control wrapper is configured. Anyone with network access can read/write cache entries in such deployments.
Unauthenticated access
open defaultno authentication required- username
- none
- password
- none
Location
Memcached TCP/UDP listener, commonly :11211text/binary protocol listener accepting commands without SASL authentication
memcached systemd/init options, container argsSASL/TLS/listen-address options determine whether credentials are required and where the service is exposed
memcached startup logs and service manager output showing SASL/TLS/listen configuration
Notes
This represents no authentication requirement, not an empty password. Exposure depends on bind address, UDP/TCP exposure, firewalling, SASL build/configuration, TLS client-auth settings, and cloud/security-group controls.
SASL Username and Password
memcached / sasl-user-password
Memcached can be built/configured with SASL authentication. Clients authenticate with username/password credentials before cache operations are allowed.
Location
Memcached TCP/TLS client port and SASL-enabled client librariesSASL database files, memcached systemd/init options, container env files, and app configs
SASL secret databases, Kubernetes Secrets, and password vaults
application configs, tests, and cache client settings
memcached startup logs and client authentication failures
Notes
Many memcached deployments historically run without authentication; unauthenticated exposure is not modeled as a default password.
Application Cache Connection Secret
memcached / application-cache-credential
Applications may store memcached usernames, passwords, TLS client keys, and connection URIs for SASL/TLS-enabled cache clusters or managed memcached services.
Location
application.yml, .env files, Docker Compose, Helm values, and cache client configs
MEMCACHED_USERNAME, MEMCACHED_PASSWORD, MEMCACHED_URICI/CD variables, cloud secret managers, and Kubernetes Secrets
application repositories and integration tests
cache client debug output and connection errors
TLS Client/Server Private Key
memcached / tls-client-private-key
TLS-enabled memcached deployments use certificate private keys and trust material to secure cache traffic and optionally authenticate clients.
Looks like
pattern-----BEGIN (RSA |EC |ENCRYPTED |)PRIVATE KEY-----Location
memcached TLS key/cert options, service units, and container mounts
Kubernetes Secrets, certificate stores, and vaults
deployment backups and diagnostics bundles
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.