NCM Session Tracing is a debug feature which creates a log of transaction information between nodes and the server running NCM, which includes a record of keystrokes / etc. sent to nodes and return information. User names and passwords used during a session are saved to the debug file SWTelentDebug.txt in clear text. It doesn't seem to be all credentials - the looking I did yesterday seemed like the amount of credentials saved to the log file depended on the login method used. If local credentials are used to log in to a device, it looks like all credential information was saved in the clear. RADIUS credentials did not appear to be logged. All enable passwords (if required) appear to be included.
Any credentials used in a session should be obfuscated or removed entirely if session traces are ever expected to be provided to SolarWinds staff.
