OpenJS Foundation (IBM) Node-RED Flow-Based Programming Tool — Default Password
Default username and password for the OpenJS Foundation (IBM) Node-RED Flow-Based Programming Tool: (blank) / (blank). Learn how to log in and how to change the default credentials.
Node-RED is a widely-deployed flow-based programming tool for IoT and automation, originally developed by IBM and now hosted by the OpenJS Foundation. By default, Node-RED runs with NO authentication whatsoever — the editor and all admin APIs are fully open to anyone with network access on port 1880. Authentication must be explicitly configured in settings.js using bcrypt-hashed passwords. The Node-RED documentation explicitly warns that 'by default, the editor is not secured — anyone who can access its IP address can access the editor and deploy changes.' This is a well-known and frequently exploited security gap on exposed installations.
| Username | Password | Access | Version / firmware | Notes |
|---|---|---|---|---|
(blank / none) | (blank / none) | Web UI | All versions (authentication off by default) | Node-RED editor at http://<host>:1880/ is fully open with no login required. Admin API also unauthenticated. Requires manual configuration in settings.js to enable auth. |
Responsible use
This database lists publicly documented default credentials so administrators can find and change them. Only use these on systems you own or are authorized to test.
Related devices
admin/pfsenseWeb UIadmin/adminWeb UIadmin/∅Web UIFree4Me/free4meWeb UIe250/e250changemeWeb UIadmin/NetCacheWeb UI