lolcreds

Public credential defaults and exposure patterns for authorized security testing.

Palo Alto Networks PAN-OS

Palo Alto Networksnetwork5 credentials1 default credential

Credentials5 documented
01

Default Administrator Login

palo-alto-pan-os / default-admin-login

PAN-OS initial setup documentation for firewalls includes logging in to the management interface with the built-in admin account and default password before changing it.

static defaultuser definedsecretusername/password

Default credentials

admin:admin

Location

public interface
PAN-OS web interface, SSH, console, and XML/REST APIs

Administrative login surfaces

config file

PAN-OS configuration XML administrator entries

artifact

configuration backups and device-state exports

Notes

Treat admin/admin as an initial setup default only; production deployments should change it and may use generated bootstrap passwords or external authentication.

02

Local Administrator Password

palo-alto-pan-os / local-admin-password

PAN-OS local administrators authenticate to the GUI, CLI, and APIs. Config exports contain administrator account definitions and password hash/secret material.

user definedsecretusername/password

Looks like

pattern
pattern

PAN-OS XML configuration administrator entry with password hash

<entry\s+name="[^"]+">\s*<phash>[^<]+</phash>
pattern

PAN-OS administrator password hash field in configuration XML

<phash>[^<]+</phash>

Location

config file

PAN-OS configuration XML under mgt-config/users or administrator-related stanzas

public interface
web UI / CLI / API

Management surfaces accepting local administrator credentials

secret store

password managers, Panorama secrets, and deployment vaults

artifact

configuration snapshots and tech-support bundles

03

XML / REST API Key

palo-alto-pan-os / api-key

PAN-OS supports API keys for XML API and REST API automation. API keys are generated for administrative users and used by clients in request parameters or headers.

generated on installsecretAPI key

Looks like

pattern
pattern

PAN-OS API key in URL query or request body parameter

key=[A-Za-z0-9%._~+/=-]{20,}

Location

http header
X-PAN-KEY

PAN-OS REST API key header used by some clients

config file

automation scripts, Terraform provider config, Ansible inventory, and .env files

environment
PANOS_API_KEY, PANOS_API_TOKEN, PANOS_PASSWORD
secret store

CI/CD variables, cloud secret managers, and vault entries

source code

network automation repositories and test fixtures

logs

HTTP traces, debug logs, and CI output containing API requests

04

IKE/IPsec and GlobalProtect Shared Secrets

palo-alto-pan-os / vpn-and-ike-secrets

PAN-OS stores IKE pre-shared keys, GlobalProtect portal/gateway secrets, and related VPN authentication secrets in configuration objects.

user definedsecretsecret value

Looks like

pattern
pattern

PAN-OS XML element for IKE/IPsec pre-shared key

<pre-shared-key>[^<]+</pre-shared-key>
pattern

PAN-OS XML element for VPN or integration shared secret

<shared-secret>[^<]+</shared-secret>

Location

config file

PAN-OS XML configuration under network/ike/gateway/portal related objects

artifact

configuration backups, device-state bundles, and Panorama exports

source code

network-as-code templates and lab configs

05

SNMP / RADIUS / TACACS+ Shared Secrets

palo-alto-pan-os / snmp-and-aaa-secrets

PAN-OS configurations can include SNMP community strings and RADIUS/TACACS+/LDAP server profile bind or shared secrets used by monitoring and authentication integrations.

user definedsecretsecret value

Looks like

pattern
pattern

SNMP community value in PAN-OS XML configuration

<community>[^<]+</community>
pattern

AAA or integration shared secret field in PAN-OS XML configuration

<secret>[^<]+</secret>

Location

config file

PAN-OS XML deviceconfig/system/snmp and server profile configuration

artifact

configuration backups and tech-support bundles

source code

monitoring and AAA provisioning templates

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.