Neo4j social graph database ships with hardcoded password "12345678" lol

line 9: NEO4J_AUTH=neo4j/12345678

Line 5 shows # NEO4J_PASSWORD=12345678 commented out as the "default" hint, and line 9 shows it actually hardcoded active as NEO4J_AUTH=neo4j/12345678. They knew the password was 12345678 and shipped it anyway.

The comment on line 7 even warns: "If you change the auth params and you have already created the config files, will not take effect." So changing it after first run is non-trivial.

Your entire social graph — every follow, post relationship, and connection — stored in Neo4j with a hardcoded default password. No warning. No enforcement to change it.

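A pre-start check of the kind the post says is missing, as an added example that is not part of the original post or the project's code: it audits an env file for a literal Neo4j credential and refuses to proceed on a known or documented password. The sample file layout (beyond the three quoted lines), the deny-list, `MIN_LEN` and the function names are assumptions made for this example.

```python
import re

# Constructed sample mirroring the lines the post quotes (5, 7 and 9);
# every other line is a placeholder.
SAMPLE_ENV = """\
# social graph settings
#
#
#
# NEO4J_PASSWORD=12345678
#
# If you change the auth params and you have already created the config files, will not take effect.
#
NEO4J_AUTH=neo4j/12345678
"""

# Assumption: a small deny-list and a policy threshold chosen for this example.
WEAK = {"12345678", "password", "neo4j", "changeme", "secret"}
MIN_LEN = 16
ASSIGN = re.compile(r"^\s*(#\s*)?(NEO4J_AUTH|NEO4J_PASSWORD)\s*=\s*(\S+)")

def audit_env(text):
    """Return (line_no, severity, message) findings for Neo4j credentials."""
    findings, hinted = [], set()
    for no, line in enumerate(text.splitlines(), 1):
        m = ASSIGN.match(line)
        if not m:
            continue
        commented, key, value = bool(m.group(1)), m.group(2), m.group(3).strip("\"'")
        if key == "NEO4J_AUTH" and value == "none":
            if not commented:
                findings.append((no, "high", "authentication disabled"))
            continue
        password = value.split("/", 1)[1] if key == "NEO4J_AUTH" and "/" in value else value
        if password.startswith("${"):  # injected at deploy time, nothing literal to check
            continue
        if commented:  # a password "hint" in a comment documents the secret
            hinted.add(password)
            findings.append((no, "info", "literal password in a comment"))
            continue
        if password in WEAK or password in hinted:
            findings.append((no, "high", "well-known or documented password is active"))
        elif len(password) < MIN_LEN:
            findings.append((no, "medium", "password shorter than policy minimum"))
    return findings

def preflight(text):
    """Enforcement gate: True only when there is no high-severity finding."""
    return not any(sev == "high" for _, sev, _ in audit_env(text))
```

Because the quoted comment says a changed value does not take effect once the config files exist, a gate like this is only useful if it runs before the first start.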