Skip to content
Server & Web Software

Kubernetes SIG UI Kubernetes Dashboard — Default Password

Default username and password for the Kubernetes SIG UI Kubernetes Dashboard: (blank) / (blank). Learn how to log in and how to change the default credentials.

Kubernetes Dashboard v1.7.0 through v1.10.0 shipped with a 'Skip' login button enabled by default (CVE-2018-18264, CVSS 7.5). Clicking Skip bypassed authentication and granted the Dashboard service account's permissions — in many deployments this account had cluster-admin rights. Pre-v1.7 Dashboard had no login screen at all. Fixed in v1.10.1. Exploited in the 2018 Tesla cryptojacking incident where attackers accessed AWS credentials via an unauthenticated Dashboard exposed to the internet.

UsernamePasswordAccessVersion / firmwareNotes
(blank / none)
(blank / none)
Web UI≤1.10.0Login bypass via 'Skip' button (CVE-2018-18264); pre-v1.7 had no login screen. Fixed in v1.10.1.
Source
NVD — CVE-2018-18264 (Kubernetes Dashboard authentication bypass)

Responsible use

This database lists publicly documented default credentials so administrators can find and change them. Only use these on systems you own or are authorized to test.

Related devices

Software
Netgate
pfSense
admin/pfsenseWeb UI
Software
Grafana Labs
Grafana
admin/adminWeb UI
Software
Jenkins
Default login
admin/Web UI
Software
Hewlett Packard
Power Manager
admin/adminWeb UI
Software
IBM
Hardware Management Console
hscroot/abc123SSH
Software
IBM
BladeCenter Mgmt Console
USERID/PASSW0RDWeb UI