search cancel

Clear Text Passwords found in File = <Install Dir>\CA\NFA\Reporter\NetQoS.ReporterAnalyzer.WebService\web.config


Article ID: 190058


Updated On:


CA Network Flow Analysis (NetQos / NFA)


Plain-text credentials located in 
File = <Install Dir>\CA\NFA\Reporter\NetQoS.ReporterAnalyzer.WebService\web.config

<add name="DataStorageAppliance" connectionString="Server=%HOST%;Port=3306;Database=nqrptr;User Id=netqos;Password=netqos;Pooling=true;Treat Tiny As Boolean=false;"/>
    <add name="FlowManager" connectionString="Server=%HOST%;Port=3306;Database=nfm;User Id=nqflow;Password=nqflow;Pooling=true;Treat Tiny As Boolean=false;"/>
    <add name="Harvester" connectionString="Server=%HOST%;Port=3306;Database=harvester;User Id=harvest;Password=harvest;Pooling=true;Treat Tiny As Boolean=false;"/>
    <add name="Archive" connectionString="Server=%HOST%;Port=3307;Database=archive;User Id=archive;Password=archive;Pooling=true;Treat Tiny As Boolean=false;"/>
    <add name="ReporterAnalyzer" connectionString="Server=localhost;Port=3306;Database=reporter;User Id=netqos;Password=netqos;Pooling=true;Treat Tiny As Boolean=false;"/>


Release : 10.0



In the later versions of NFA,10.0.2 and 10.0.3, the usernames and passwords in those files aren't used, they are leftover from earlier versions and actually reference the old port number for mysql, 3306 instead of 3308.

The database user names and passwords are actually stored in a different file, the \CA\NFA\DBUsers\ReporterAnalyzer.ini file in fields like "ReporterAnalyzer.dbPassword=b8B(*]".

For new installations these passwords should already be encrypted, for upgraded environments verify that they are encrypted.

If it is not encrypted or you want to change the mysql passwords, you can follow the steps in the link below, but you must be on at least 10.0.1 or later. If you do change the passwords you must do it on the Console and on every Harvester and they all must match.

As for the file you referenced above, you can edit the passwords in that file to prevent it from showing up in a scan again, but in general that file is not used for passwords.