SAP NetWeaver Application Server Java
SAPenterprise app4 credentials
UME Administrator/User Password
sap-netweaver-java / ume-administrator-password
SAP NetWeaver AS Java authenticates users through the User Management Engine (UME). Administrator and technical users are created during installation or maintained through identity stores such as the Java database, ABAP UME, LDAP, or SAP Identity Management.
Location
NetWeaver Administrator, SAP Enterprise Portal, AS Java login pages, and management APIsUME persistence store for users, groups, password verifier data, and security policy state
UME configuration, destination service config, and AS Java deployment/installation files
SAP Secure Storage, password vaults, and deployment secrets
security audit log, defaultTrace, authentication traces, and installer logs
Notes
No universal AS Java Administrator password is modeled here; it is set during installation or inherited from the configured user store.
JCo / RFC Destination Credential
sap-netweaver-java / jco-rfc-destination-password
AS Java systems store RFC/JCo destination credentials for calls into ABAP systems, including technical users and SNC or password-based destinations.
Location
SAP NetWeaver Administrator destination configuration and exported system configuration
AS Java configuration database and destination service records
SAP Secure Storage and deployment vaults
JCo, RFC, and destination test traces when debug logging is enabled
Secure Storage Key / Protected Application Secret
sap-netweaver-java / secure-storage-key-and-secrets
AS Java uses secure storage and configuration services to protect passwords, keys, keystore passwords, and application connector secrets.
Location
secure storage configuration, keystore settings, cluster node configuration, and application properties
SAP Secure Storage, Java keystores, PSE files, and external vaults
AS Java configuration database containing encrypted application and service settings
system copies, exports, and support archives
PSE / Java Keystore Private Key
sap-netweaver-java / keystore-pse-private-key
NetWeaver Java uses PSEs and Java keystores for SSL/TLS, SSO, SNC, and trusted communication. Private keys and keystore passwords are high-impact credentials.
Looks like
pattern-----BEGIN (RSA |EC |ENCRYPTED |)PRIVATE KEY-----Location
SAPSSLS.pse, keystore files, trust/key manager configuration, and SSL service settings
SAP Cryptographic Library PSEs, Java keystores, and certificate vaults
system export/import packages, backups, and support bundles
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.