When an internal Foglight® user account is created, the user's password is hashed with the MD5 algorithm and the resulting digest is stored in the Foglight database. User passwords are therefore not stored anywhere, in encrypted or in clear text form.
LDAP server passwords are encrypted with Triple DES. A default 112-bit Triple DES encryption key is used in all cases of installations of Foglight®. This encryption key is stored in a Java keystore protected by a Foglight master password. Customers have the ability to change the Triple DES encryption key after installation by using Foglight to generate a new key. Quest recommends customers change the default Java keystore password upon the installation of the Management Server.
The login credentials for the database administrator account on the Foglight® repository are encrypted in identical fashion as the LDAP credentials, using the same encryption key.
Foglight® cartridges include agents that require access to service account login credentials on the systems or applications that they monitor. Foglight stores these credentials in the repository database which is protected by access control. Any agent property that is marked as sensitive is masked during display in user interface consoles.