lolcreds

Public credential defaults and exposure patterns for authorized security testing.

Memcached

Memcacheddatabase4 credentials

Credentials4 documented
01

Unauthenticated Cache Access

memcached / unauthenticated-default

Memcached commonly accepts client commands without authentication unless SASL, TLS client authentication, or an external access-control wrapper is configured. Anyone with network access can read/write cache entries in such deployments.

no authsecretusername/password

Unauthenticated access

open default
no authentication required
username
none
password
none

Location

public interface
Memcached TCP/UDP listener, commonly :11211

text/binary protocol listener accepting commands without SASL authentication

config file
memcached systemd/init options, container args

SASL/TLS/listen-address options determine whether credentials are required and where the service is exposed

logs

memcached startup logs and service manager output showing SASL/TLS/listen configuration

Notes

This represents no authentication requirement, not an empty password. Exposure depends on bind address, UDP/TCP exposure, firewalling, SASL build/configuration, TLS client-auth settings, and cloud/security-group controls.

02

SASL Username and Password

memcached / sasl-user-password

Memcached can be built/configured with SASL authentication. Clients authenticate with username/password credentials before cache operations are allowed.

user definedsecretusername/password

Location

public interface
Memcached TCP/TLS client port and SASL-enabled client libraries
config file

SASL database files, memcached systemd/init options, container env files, and app configs

secret store

SASL secret databases, Kubernetes Secrets, and password vaults

source code

application configs, tests, and cache client settings

logs

memcached startup logs and client authentication failures

Notes

Many memcached deployments historically run without authentication; unauthenticated exposure is not modeled as a default password.

03

Application Cache Connection Secret

memcached / application-cache-credential

Applications may store memcached usernames, passwords, TLS client keys, and connection URIs for SASL/TLS-enabled cache clusters or managed memcached services.

user definedgenerated on installsecretsecret value

Location

config file

application.yml, .env files, Docker Compose, Helm values, and cache client configs

environment
MEMCACHED_USERNAME, MEMCACHED_PASSWORD, MEMCACHED_URI
secret store

CI/CD variables, cloud secret managers, and Kubernetes Secrets

source code

application repositories and integration tests

logs

cache client debug output and connection errors

04

TLS Client/Server Private Key

memcached / tls-client-private-key

TLS-enabled memcached deployments use certificate private keys and trust material to secure cache traffic and optionally authenticate clients.

generated on installuser definedsecretkey pair

Looks like

pattern
pattern

private key material for memcached TLS server or client authentication

-----BEGIN (RSA |EC |ENCRYPTED |)PRIVATE KEY-----

Location

config file

memcached TLS key/cert options, service units, and container mounts

secret store

Kubernetes Secrets, certificate stores, and vaults

artifact

deployment backups and diagnostics bundles

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.