09-18-2023 01:42 AM
Hello everyone,
I just wanted to commit some changes to our panorama configuration and noticed, that a new user with the name "__vm_series" was added in the commit changes as a full panorama-admin. Curiously, that user was hidden in the web-gui under Panorama -> Administrators. This was among some changes around adding new firewalls, so my best guess is that this user was added automatically somewhere around that process. BTW: We're running Panorama on 10.2.5 with the vm-series plugin 3.0.5 installed.
Testing the impact of this discovery, I discarded the changes and created that user manually and sure enough, it isn't listed, but I can log it in on the web gui. For obvious reasons, having users with administrative access set up and working, but hidden is a serious problem in our security posture.
So, questions for the community and any PANW staff wandering by:
1. Is this whole thing documented somewhere? (I couldn't find anything)
2. What is this administrator used for?
3. Why is that administrator hidden?
4. Under which conditions are administrator accounts hidden from view? / What other hidden users are there?
5. How can we turn this behavior off?
Cheers
