Palo Alto Networks PAN-OS
Palo Alto Networksnetwork5 credentials1 default credential
Default Administrator Login
palo-alto-pan-os / default-admin-login
PAN-OS initial setup documentation for firewalls includes logging in to the management interface with the built-in admin account and default password before changing it.
Default credentials
admin:adminLocation
PAN-OS web interface, SSH, console, and XML/REST APIsAdministrative login surfaces
PAN-OS configuration XML administrator entries
configuration backups and device-state exports
Notes
Treat admin/admin as an initial setup default only; production deployments should change it and may use generated bootstrap passwords or external authentication.
Local Administrator Password
palo-alto-pan-os / local-admin-password
PAN-OS local administrators authenticate to the GUI, CLI, and APIs. Config exports contain administrator account definitions and password hash/secret material.
Looks like
pattern<entry\s+name="[^"]+">\s*<phash>[^<]+</phash><phash>[^<]+</phash>Location
PAN-OS configuration XML under mgt-config/users or administrator-related stanzas
web UI / CLI / APIManagement surfaces accepting local administrator credentials
password managers, Panorama secrets, and deployment vaults
configuration snapshots and tech-support bundles
XML / REST API Key
palo-alto-pan-os / api-key
PAN-OS supports API keys for XML API and REST API automation. API keys are generated for administrative users and used by clients in request parameters or headers.
Looks like
patternkey=[A-Za-z0-9%._~+/=-]{20,}Location
X-PAN-KEYPAN-OS REST API key header used by some clients
automation scripts, Terraform provider config, Ansible inventory, and .env files
PANOS_API_KEY, PANOS_API_TOKEN, PANOS_PASSWORDCI/CD variables, cloud secret managers, and vault entries
network automation repositories and test fixtures
HTTP traces, debug logs, and CI output containing API requests
IKE/IPsec and GlobalProtect Shared Secrets
palo-alto-pan-os / vpn-and-ike-secrets
PAN-OS stores IKE pre-shared keys, GlobalProtect portal/gateway secrets, and related VPN authentication secrets in configuration objects.
Looks like
pattern<pre-shared-key>[^<]+</pre-shared-key><shared-secret>[^<]+</shared-secret>Location
PAN-OS XML configuration under network/ike/gateway/portal related objects
configuration backups, device-state bundles, and Panorama exports
network-as-code templates and lab configs
SNMP / RADIUS / TACACS+ Shared Secrets
palo-alto-pan-os / snmp-and-aaa-secrets
PAN-OS configurations can include SNMP community strings and RADIUS/TACACS+/LDAP server profile bind or shared secrets used by monitoring and authentication integrations.
Looks like
pattern<community>[^<]+</community><secret>[^<]+</secret>Location
PAN-OS XML deviceconfig/system/snmp and server profile configuration
configuration backups and tech-support bundles
monitoring and AAA provisioning templates
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.