TikiWiki / Tiki CMS Groupware
Tiki Software Community Associationcms3 credentials
User Password Hash
tikiwiki / user-password-hash
Tiki stores local users and password verifier data in its database for wiki/CMS/groupware authentication unless external auth is used.
Location
Tiki user tables containing local account password hashes and login state
Tiki login, web UI, and service endpointsdatabase dumps and site backups
Token Access Secret
tikiwiki / token-access
Tiki supports token access features that allow generated tokens to grant access according to configured permissions and expiry.
Location
AuthorizationBearer or token-style usage by API/integration clients where configured
Tiki token access records and permissions
integration scripts, URL tokens, and automation settings
password managers and CI/CD secrets
web server access logs and integration traces
Database, Mail, LDAP, and OAuth Secrets
tikiwiki / db-mail-ldap-oauth-secrets
Tiki installations contain database credentials, SMTP passwords, LDAP bind credentials, OAuth client secrets, and other integration secrets in local config and database settings.
Location
db/local.phpdatabase connection credentials and local site configuration
preference and integration tables containing service secrets
Kubernetes/Docker secrets, vaults, and password managers
deployment manifests and committed site configs
mail, LDAP, OAuth, and installer debug logs
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.