Clear Text Passwords found in File = <Install Dir>\CA\NFA\Reporter\NetQoS.ReporterAnalyzer.WebService\web.config
Article ID: 190058
Updated On:
Products
CA Network Flow Analysis (NetQos / NFA)
Issue/Introduction
Plain-text credentials located in
File = <Install Dir>\CA\NFA\Reporter\NetQoS.ReporterAnalyzer.WebService\web.config
<add name="DataStorageAppliance" connectionString="Server=%HOST%;Port=3306;Database=nqrptr;User Id=netqos;Password=netqos;Pooling=true;Treat Tiny As Boolean=false;"/>
<add name="FlowManager" connectionString="Server=%HOST%;Port=3306;Database=nfm;User Id=nqflow;Password=nqflow;Pooling=true;Treat Tiny As Boolean=false;"/>
<add name="Harvester" connectionString="Server=%HOST%;Port=3306;Database=harvester;User Id=harvest;Password=harvest;Pooling=true;Treat Tiny As Boolean=false;"/>
<add name="Archive" connectionString="Server=%HOST%;Port=3307;Database=archive;User Id=archive;Password=archive;Pooling=true;Treat Tiny As Boolean=false;"/>
<add name="ReporterAnalyzer" connectionString="Server=localhost;Port=3306;Database=reporter;User Id=netqos;Password=netqos;Pooling=true;Treat Tiny As Boolean=false;"/>
File = <Install Dir>\CA\NFA\Reporter\NetQoS.ReporterAnalyzer.WebService\web.config
<add name="DataStorageAppliance" connectionString="Server=%HOST%;Port=3306;Database=nqrptr;User Id=netqos;Password=netqos;Pooling=true;Treat Tiny As Boolean=false;"/>
<add name="FlowManager" connectionString="Server=%HOST%;Port=3306;Database=nfm;User Id=nqflow;Password=nqflow;Pooling=true;Treat Tiny As Boolean=false;"/>
<add name="Harvester" connectionString="Server=%HOST%;Port=3306;Database=harvester;User Id=harvest;Password=harvest;Pooling=true;Treat Tiny As Boolean=false;"/>
<add name="Archive" connectionString="Server=%HOST%;Port=3307;Database=archive;User Id=archive;Password=archive;Pooling=true;Treat Tiny As Boolean=false;"/>
<add name="ReporterAnalyzer" connectionString="Server=localhost;Port=3306;Database=reporter;User Id=netqos;Password=netqos;Pooling=true;Treat Tiny As Boolean=false;"/>
Environment
Release : 10.0
Component : NQRPTA - REPORTERANALYZER
Resolution
In the later versions of NFA,10.0.2 and 10.0.3, the usernames and passwords in those files aren't used, they are leftover from earlier versions and actually reference the old port number for mysql, 3306 instead of 3308.
The database user names and passwords are actually stored in a different file, the \CA\NFA\DBUsers\ReporterAnalyzer.ini file in fields like "ReporterAnalyzer.dbPassword=b8B(*]".
For new installations these passwords should already be encrypted, for upgraded environments verify that they are encrypted.
If it is not encrypted or you want to change the mysql passwords, you can follow the steps in the link below, but you must be on at least 10.0.1 or later. If you do change the passwords you must do it on the Console and on every Harvester and they all must match.
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/network-flow-analysis/10-0-0/installing/post-installation-or-upgrade-tasks/configure-mysql-user-password.html
As for the file you referenced above, you can edit the passwords in that file to prevent it from showing up in a scan again, but in general that file is not used for passwords.
The database user names and passwords are actually stored in a different file, the \CA\NFA\DBUsers\ReporterAnalyzer.ini file in fields like "ReporterAnalyzer.dbPassword=b8B(*]".
For new installations these passwords should already be encrypted, for upgraded environments verify that they are encrypted.
If it is not encrypted or you want to change the mysql passwords, you can follow the steps in the link below, but you must be on at least 10.0.1 or later. If you do change the passwords you must do it on the Console and on every Harvester and they all must match.
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/network-flow-analysis/10-0-0/installing/post-installation-or-upgrade-tasks/configure-mysql-user-password.html
As for the file you referenced above, you can edit the passwords in that file to prevent it from showing up in a scan again, but in general that file is not used for passwords.
Feedback
Yes
No
Powered by
