Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer

A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts.


New Gitlab Accounts (created since the first affect version and if Gitlab is before the patched version) can be logged into with the following password:

123qweQWE!@#000000000 Gitlab 14.9 - Authentication bypass with hardcoded password