search cancel

Clear Text Passwords found in File = <Install Dir>\CA\NFA\Reporter\NetQoS.ReporterAnalyzer.WebService\web.config

book

Article ID: 190058

calendar_today

Updated On:

Products

CA Network Flow Analysis (NetQos / NFA)

Issue/Introduction

Plain-text credentials located in 
File = <Install Dir>\CA\NFA\Reporter\NetQoS.ReporterAnalyzer.WebService\web.config

<add name="DataStorageAppliance" connectionString="Server=%HOST%;Port=3306;Database=nqrptr;User Id=netqos;Password=netqos;Pooling=true;Treat Tiny As Boolean=false;"/>
    <add name="FlowManager" connectionString="Server=%HOST%;Port=3306;Database=nfm;User Id=nqflow;Password=nqflow;Pooling=true;Treat Tiny As Boolean=false;"/>
    <add name="Harvester" connectionString="Server=%HOST%;Port=3306;Database=harvester;User Id=harvest;Password=harvest;Pooling=true;Treat Tiny As Boolean=false;"/>
    <add name="Archive" connectionString="Server=%HOST%;Port=3307;Database=archive;User Id=archive;Password=archive;Pooling=true;Treat Tiny As Boolean=false;"/>
    <add name="ReporterAnalyzer" connectionString="Server=localhost;Port=3306;Database=reporter;User Id=netqos;Password=netqos;Pooling=true;Treat Tiny As Boolean=false;"/>

Environment

Release : 10.0

Component : NQRPTA - REPORTERANALYZER

Resolution

In the later versions of NFA,10.0.2 and 10.0.3, the usernames and passwords in those files aren't used, they are leftover from earlier versions and actually reference the old port number for mysql, 3306 instead of 3308.

The database user names and passwords are actually stored in a different file, the \CA\NFA\DBUsers\ReporterAnalyzer.ini file in fields like "ReporterAnalyzer.dbPassword=b8B(*]".

For new installations these passwords should already be encrypted, for upgraded environments verify that they are encrypted.

If it is not encrypted or you want to change the mysql passwords, you can follow the steps in the link below, but you must be on at least 10.0.1 or later. If you do change the passwords you must do it on the Console and on every Harvester and they all must match.

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/network-flow-analysis/10-0-0/installing/post-installation-or-upgrade-tasks/configure-mysql-user-password.html


As for the file you referenced above, you can edit the passwords in that file to prevent it from showing up in a scan again, but in general that file is not used for passwords.