How are passwords and keys stored in PAN xml config files

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

How are passwords and keys stored in PAN xml config files

Not applicable

Are they hashed before storing them in the config files? By the looks of them, it seems like the PAN appliance is storing them in an encrypted format. If so, can they be decrypted?

For example, an OSPF key is stored as follows

"-AQ==xxxxxxxxxxxxx=xxxxxxxxxxxxx=="

This pattern can be observed in almost all of the keys/passwords stored in the XML config. Is there a way to decrypt these keys. I am particularly interested in the OSPF MD5 keys as I need to add new routers to our network but I don't know the key.

Has anyone successfully decrypted a PAN key?

Thanks.

18 REPLIES 18

you can also use the 'request password-hash' operational mode CLI command.

I also noticed that when I create users via the API in 4.1, I can send the passwords in clear.

L1 Bithead

guys,

Is this still the case for 5.0.X PAs ?

Given that PA recently got approved for various security oriented certificates I sure do hope this has been fixed or at least noted in these tests:

http://researchcenter.paloaltonetworks.com/2013/06/usgv6-for-ipv6-common-criteria-eal-4-and-certific...

http://researchcenter.paloaltonetworks.com/2013/07/update-on-certifications-dept-of-defense-uc-apl/

  • 16392 Views
  • 18 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!