IBM QRadar SIEM Community Edition (On-Premises) — Default Password
Default username and password for the IBM QRadar SIEM Community Edition (On-Premises): configservices / qradar. Learn how to log in and how to change the default credentials.
CVE-2020-4269 (CVSS 7.5, AV:N/AC:L/PR:N/UI:N) documents a hard-coded credential in IBM QRadar SIEM. The internal 'configservices' account with password 'qradar' was hardcoded in /opt/qradar/conf/users.conf and exposed the configuration API (/configservices/configurationsets) to unauthenticated network access. Affected: QRadar CE 7.3.1.6 and related versions. Fixed in 7.4.0 GA, 7.3.3 Patch 3, 7.3.2 Patch 7. Documented in IBM Security Bulletin and Securify advisory SFY20200401.
| Username | Password | Access | Version / firmware | Notes |
|---|---|---|---|---|
configservices | qradar | API | QRadar CE 7.3.1.6 and earlier | Hard-coded internal service account (CVE-2020-4269 CVSS 7.5). Exposed /configservices/configurationsets API. Fixed in 7.4.0 GA, 7.3.3 P3, 7.3.2 P7. |
Responsible use
This database lists publicly documented default credentials so administrators can find and change them. Only use these on systems you own or are authorized to test.