lolcreds

Public credential defaults and exposure patterns for authorized security testing.

OpenText Content Server

OpenTextenterprise app4 credentials

Credentials4 documented
01

Administrator/User Password

opentext-content-server / admin-user-password

OpenText Content Server users authenticate to the web UI, REST API, WebDAV, and integrations through local, directory, or SSO-backed accounts. The administrative account password is set during installation or provisioning.

user definedgenerated on installsecretusername/password

Location

public interface
Content Server web UI, REST API, WebDAV, and OTDS login flows
database

Content Server user/security tables and OTDS identity records

config file

opentext.ini, deployment files, OTDS settings, and web server auth config

secret store

OpenText Directory Services secrets, password vaults, and deployment stores

logs

thread logs, connect logs, web server logs, and authentication traces

Notes

No universal Content Server administrator password is modeled; it is installation-specific.

02

OTCSTicket / REST Session Token

opentext-content-server / rest-ticket-and-token

Content Server REST API logins return OTCSTicket or related session tokens that act as bearer credentials for API calls.

generated on installsecrettoken

Location

http header
OTCSTicket

OpenText Content Server REST API authentication ticket header

http header
Cookie

web session cookies for Content Server/OTDS authenticated sessions

http response

authentication responses containing ticket/session token material

config file

API client caches, integration configs, Postman collections, and .env files

logs

REST client traces and web server access/debug logs

03

OTDS / OAuth Client Secret

opentext-content-server / otds-client-secret

OpenText Content Server deployments commonly integrate with OTDS, OAuth/OIDC clients, SAML, LDAP, and enterprise identity systems using client secrets, bind passwords, and signing keys.

user definedgenerated on installsecretsecret value

Location

config file

OTDS configuration, OAuth client settings, SAML config, LDAP config, and web app properties

database

OTDS and Content Server configuration stores containing client and integration secrets

secret store

OTDS credential store, password vaults, and certificate stores

source code

integration services and deployment automation

logs

OTDS, OAuth, SAML, and LDAP debug logs

04

Database, Storage, and Archive Secrets

opentext-content-server / database-and-storage-secrets

Content Server stores database credentials, archive/storage provider credentials, Enterprise Connect/integration secrets, and rendition/records-management service account passwords.

user definedsecretsecret value

Location

config file

opentext.ini, database connection files, archive/storage provider config, and service configs

database

Content Server configuration records and encrypted credential stores

secret store

vaults, Kubernetes/Docker secrets, and storage credential stores

artifact

database dumps, content server backups, and support packages

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.