by Asif Mujtaba

Weak, default, and compromised credentials remain one of the leading causes of network breaches, and one of the most preventable. SonicOS 7.3.1 and 8.2.0 include a built-in feature called Credential Auditor, designed to surface exactly these risks across your devices before they become incidents.
The question isn’t whether weak credentials exist on your network. The data shows they almost certainly do. The question is whether you find them first, and whether your firewall platform even gives you the tools to look.
Before diving in, here is what the data shows across SonicWall deployments running Credential Auditor:
| Figure | Finding |
| --- | --- |
| 11.8% | Of SonicWall devices running Credential Auditor were found to have bad credentials |
| 65.7% | Of bad credentials are remote user passwords, your widest attack surface |
| 92% | Of all bad credentials come from remote and local user passwords combined |
| Gen 6 | Cannot run Credential Auditor; this is a permanent, structural limitation with no fix |
If you’re still running a Generation 6 SonicWall firewall, you’re working with a platform that has reached end of life. No new features. No Credential Auditor. No way to proactively audit the credentials protecting your network.
That matters more than ever right now.
Threat actors don’t care how long you’ve had your firewall. They care about whether they can get in. And without visibility into credential hygiene, you have no way of knowing if the door is already open. Gen 6 devices simply cannot give you this visibility: it’s a structural limitation of the platform, not a configuration issue.
Meanwhile, the threat landscape has moved on. Credential-based attacks, that is, password spraying, credential stuffing, and exploitation of default credentials, are among the most common initial access techniques used by ransomware groups and nation-state actors today. Your Gen 6 firewall was not built to defend against the modern threat environment, and it has no path to get there.
Moving to a Generation 7 or 8 SonicWall running SonicOS 7.3.1 or 8.2.0 isn’t just a hardware refresh; it’s a security posture upgrade. Credential Auditor is one of the most immediately impactful capabilities you gain.
Among SonicOS deployments running Credential Auditor, 11.8% had bad credentials, meaning more than 1 in 10 devices audited uncovered a real, actionable problem.
That’s not a theoretical risk. Those are live credentials that an attacker could exploit right now. On a Gen 6 device, you’d never know.
Credential Auditor breaks down findings by credential type. The distribution shows exactly where your exposure is concentrated:
Remote and local user passwords together account for nearly 92% of all bad credentials found. These aren’t exotic vulnerabilities; they are the basics. And the basics are where breaches begin. On Gen 6, these blind spots remain permanently unaddressed.
End-of-life means no new security features, period. The credential visibility gap on Gen 6 will never be closed. Every day you remain on that platform is another day of operating without the tools modern threats demand.
With 11.8% of audited Gen 7 devices flagging real credential issues, the risk is clearly widespread. On Gen 6, those same issues exist; they’re just invisible to you. Attackers won’t have the same problem finding them.
Nearly two-thirds of all bad credentials found by Credential Auditor are remote user passwords. As remote work and VPN usage have expanded, so has the attacker's focus on these entry points. You need active visibility here, and Gen 6 can’t provide it.
Regulatory frameworks and cyber insurance underwriters increasingly require demonstrable credential hygiene practices. Running Credential Auditor on Gen 7 and acting on its findings is exactly the kind of documented, proactive security posture they’re looking for. An end-of-life Gen 6 device running without credential auditing is increasingly difficult to justify to an underwriter.
A single compromised credential can lead to ransomware deployment, data exfiltration, or full network takeover. The investment in upgrading to Gen 7 is a fraction of the cost of a breach, and it buys you a platform built for today’s threats, not yesterday’s.
If you’re on Gen 6: Now is the time to plan your upgrade to a Generation 7 SonicWall. Talk to your SonicWall partner or reseller about migration options: the process is more straightforward than you might expect, and the security gains are immediate.
If you’re already on SonicOS 7.3.1/7.3.2 or 8.2.0 and above, Credential Auditor is available to you right now. Log in to your SonicOS management interface, enable Credential Auditor, and run your first audit. Then act on what you find: for example, rotate weak passwords, replace default credentials, strengthen your IKE pre-shared keys, and document the process. Then do it again, regularly.
Bad credentials are common, they’re concentrated in the highest-risk areas of your network, and the tools to find them exist today on Gen 7 or Gen 8. If you’re on Gen 6, you’re running blind on one of the most critical security hygiene issues facing modern networks.
Upgrade to Gen 7 or Gen 8. Enable Credential Auditor. Know where you stand.
Asif Mujtaba
Product Manager