SUM (Sophos UTM Manager) needs a default root password
The CLI for SUM has a blank root password. If an administrator never goes to the CLI for SUM, he/she has no idea that this is a completely open system. This is incredibly unsafe and alarming for a company that sells security products. You should really hurry up and fix this as it is a vulnerability that is really embarrasing should someone publish it.