Verify Privilege Vault Release Notes 9.x

Release Notes 9.1.000001

Release Date: 10/13/2016

Enhancements

  • It is required to upgrade to 9.1.000001 before Verify Privilege Vault will upgrade to 10.0.000000
  • Added installer enhancements to support the 10.0.000000 release. Release Notes 9.1.000000 Release Date: 7/13/2016 Enhancements

  • REST API

    • REST based web services API for managing Secrets, Users, and Groups.
    • For more information see the REST API Guide on the Verify Privilege Vault documents page

  • Web Password Filler

    • A new Chrome extension for website logins is available, for more info see this KB article.
    • NOTE: After upgrade, Chrome users will be prompted automatically to install this extension. Firefox and Internet Explorer users will continue to use the existing add on or bookmarklet.

  • Site per OU in Discovery

    • Assign an Engine Site at the OU level in Discovery
    • Set a different Secret per OU in Discovery
  • Added option to set owners on user accounts to delegate account management
  • Added support for SCP through the SSH proxy
  • Added additional options to the Secret Expiration event subscription
  • Disabled dependencies are hidden by default on the Secret Dependency page
  • Added additional option for windows password changers to help handle multiple IP addresses in DNS for a single machine
  • Editing a password field on a Secret with password changing enabled now gives the user a dismissable prompt to help prevent mistaken password edits
  • Domain user accounts can now be marked as Application Accounts for integrated auth web service access only

Bug Fixes

  • ConnectWise integration now uses the API rather than database table integration. See this KB for information on setting up API access to ConnectWise.
  • Fixed issue where multiple syslog destinations using the FQDN did not work
  • Fixed issue where a user viewing a Secret after a password change within the Secret View interval after their last Secret View did not result in an audit.
  • Fixed issue where Oracle error ORA-12170 was treated as heartbeat failed rather than unable to connect.
  • System log truncation notification email goes to users with Administer System Log permission rather than Administer Configuration
  • Fixed issue where commas in group names were not parsed correctly on AD Sync
  • Fixed issue with AD sync when a group had more than 1500 members
  • Fixed issue with AD sync when the OU has asterisks in the name
  • Fixed issue where Session launchers did not trim spaces from username and machine fields
  • Fixed syslog error when the event details exceeded 4000 characters
  • Performance updates for the Recents Secrets widget and Secret Load when there are a large number of audit records on a Secret
  • Check In web service method now respects the Force Checkin role permission.
  • Fixed access denied message when doing a bulk operation for convert secret template without the view deleted secrets role permission
  • Fixed potential licensing error when running the PowerShell password changer
  • Fixed issue where setting AutoChange schedule through Secret Policy would not use UTC
  • Added support for HMAC-SHA2-256 and HMAC-SHA-512 ciphers for SSH Heartbeat and Password Changing
  • Fixed issue with SSH dependencies on Cisco devices where the setenv command was not available
  • Added additional information to the Subscription Dependency failure email to include machine name and dependency name that failed
  • Added additional logging for Heartbeat and Password Change monitors Mobile Updates
  • The IBM Security PAM Android app has been republished. Existing Android users will need to uninstall and re-install to get the new version.

Release Notes 9.0.000000

Release Date: 4/13/2016

Enhancements

  • Mac Session Launcher

    • RDP, SSH, and Custom Launchers are now supported with the new Mac OS X protocol handler.
    • For more information see this KB.

  • Geo Replication

    • MS SQL Replication is now supported as an additional add on module. Contact your account rep if you are interested.

  • UNIX Verify Privilege Manager

    • Administrators can configure SSH command menus to limit what users can do with root and other privileged credentials.
    • Requires a separate add on, contact your account rep if you are interested.
  • Remember Me is now available for 2 factor.
  • New option for SSH launchers to specify a Connect As Secret to make the initial connection before switching to the current Secret's user for cases when accounts are denied SSH login.
  • Dependencies and Secret Audit are now copied to the new Secret when converting Secrets.
  • The Tree View on Dashboard and Discovery Network View is now collapsible.

  • Windows Discovery now finds:

    • If an account is Local Administrator
    • If an account is in the Local Administrators Group
    • Password last set date
    • Password expiration date
    • Password expiration status

Bug Fixes

  • Fixed issue where domain FQDN wasn't populated during Active Directory Sync.
  • Fixed issue with syncing an Active Directory Group with more than 1,500 members.
  • Fixed issue where SSH proxy wouldn't restart after web server failover.
  • Fixed issue where searching wouldn't work on Secret name's starting with ":"
  • Fixed issue where selecting an approval user or group could cause an error on Secret Policy creation.
  • Added optional remember me setting for two factor authentication.

Security Fixes

  • The version of PuTTY shipped with Verify Privilege Vault has been updated to version 0.67 to include the latest security fixes. For more information please refer to the PuTTY change log.