pfSense
Netgatenetwork4 credentials1 default credential
Default Administrator Login
pfsense / default-admin
pfSense ships with an initial webConfigurator/console administrator credential that should be changed during the setup wizard.
Default credentials
admin:pfsenseLocation
pfSense webConfigurator, SSH/console shell, XMLRPC, and API packages where installed/conf/config.xmllocal user password hashes and system configuration
configuration backups and diagnostics bundles
Local User Password Hash
pfsense / local-user-password
pfSense local users and privilege assignments are stored in the XML configuration and used for webConfigurator, SSH, VPN, captive portal, and package access.
Looks like
pattern<user>.*?<name>[^<]+</name>.*?<password>[^<]+</password>Location
/conf/config.xmluser manager entries, password hashes, privileges, and auth server config
webConfigurator, SSH, console, VPN, captive portal, and package UIspassword managers and firewall backup vaults
system, auth, VPN, and captive portal logs
API Key / Web Session Cookie
pfsense / api-key-and-session
pfSense installations with REST/API packages or automation can use API keys, Basic auth, and PHP/webConfigurator session cookies as bearer credentials.
Location
AuthorizationBasic or bearer/API-key auth used by automation and API packages
CookiepfSense webConfigurator PHP session cookie
automation scripts, Terraform/Ansible configs, and API package settings
CI/CD variables and network automation vaults
web server access logs and API debug traces
VPN, SNMP, LDAP, RADIUS, and Certificate Secrets
pfsense / vpn-snmp-ldap-radius-secrets
pfSense configurations hold IPsec/OpenVPN/WireGuard keys, SNMP communities, LDAP/RADIUS secrets, certificates/private keys, PPPoE credentials, and package integration secrets.
Looks like
pattern-----BEGIN (RSA |EC |OPENVPN |ENCRYPTED |)PRIVATE KEY-----Location
/conf/config.xmlVPN, SNMP, auth server, certificate, gateway, package, and PPP secrets
configuration backup vaults and certificate stores
full configuration backups, diagnostics, and OpenVPN client exports
firewall-as-code repositories and deployment templates
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.