ManageEngine Password Manager Pro – Build 9600 Released

New Features & Enhancements

SQL and SSH Remote Terminal Sessions with Windows Domain accounts

• From v9600 onwards, users can launch SSH connections to Linux resources using Windows Domain accounts stored in Password Manager Pro’s database. Remote password reset actions for Linux resources can also be configured by using a Windows Domain account for remote login to the Linux resources.
• Provision to remotely connect to a MS SQL server using a Windows Domain account has also been added.

Secure Cloud Storage Options for Anytime, Anywhere Access to Passwords

• Provision to export and automatically synchronize the password-protected, encrypted HTML files to authorized users’ Amazon S3 and Box accounts.
• Administrators can configure automatic deletion of the exported files in the users’ Amazon S3 or Box accounts after a set time period and also trigger password resets for all the resources contained in the file.

Active Directory – Synchronization Enhancements

Version 9600 introduces a revamp to the ‘Synchronization Schedules’ screen under Active Directory (AD) configuration. The screen now includes a sidebar navigation tab that lists the AD domains that have synchronization schedules configured and also offers a separate view of synchronization schedules configured for users and resources respectively. The enhancements include:

• Provision to schedule separate synchronization intervals for import of users and resources respectively, for any given domain.
• Provision to schedule separate synchronization intervals for multiple groups in a domain, for import of users and resources.
• Provision to schedule separate synchronization intervals for multiple organizational units (OUs) in a domain, for import of users and resources.
• Provision to set a custom display name for groups/OUs imported from AD domains. The original AD names of the groups/OUs will also be retained.

Microsoft CA Certificate Signing

Password Manager Pro now allows users to get certificate requests signed from Microsoft Certificate Authority, thereby facilitating complete life cycle management for certificates issued by Microsoft Certificate Authority.

CMDB Integration for SSL Certificates Synchronization

Administrators can now sync SSL certificates stored in Password Manager Pro’s repository with ManageEngine ServiceDesk Plus CMDB and map certificates to specific servers / applications in the CMDB. This allows them to monitor their usage and expiration from ServiceDesk Plus’ CMDB.

SSL Certificate Groups

This enhancement allows users to organize SSL certificates into logical groups based on various criteria and execute actions in bulk for the groups.

Localization Support for Turkish

Introducing localization support for Turkish in Password Manager Pro’s multi-language editions, in addition to Chinese, Japanese, Spanish, German, French, and Polish languages.

Disable Password Resets for Privileged Accounts

This enhancement to account creation and edit actions under Resources tab allows administrators to disable both local and remote password resets for all or a specific set of accounts associated with a resource.

• Administrators can now set a non-administrative role—either system-owned or custom made, as the default user role in their Password Manager Pro installation. The default role will also be assigned automatically to users imported from CSV files/AD/Azure AD/LDAP, unless manually specified otherwise by the administrator.
• Earlier, when the Password Manager Pro server (PMP) had a firewall or load balancing configuration, the PMP audit trails showed the IP address of the firewall/load balancer instead of the IP address of the user’s machine. From v9600 onwards, PMP will log the IP address of the machine, from which it was accessed, in the audit trails instead of the firewall/load balancer IP address.
• For Password Manager Pro’s MSP editions, the audit trails under Resource, User, and Task Audit tabs now also display the name of the respective MSP or client organization associated with the related operation.
• Date based discovery filter for Microsoft Certificate Authority certificate discovery introduced.
• Option to separately track and manage various versions of the same SSL certificate (with the same common name).
• Option to import and map a private key to certificate.

Bug Fixes

• From v9200 till v9502, when a resource had access controls enabled and multiple users later requested access to that resource with different timeframes for password checkout, the timeframe of the last logged request alone was recognized and every user could get access to that resource only during that timeframe. This has been fixed.
• From v9200 till v9502, when a resource has access controls enabled for a particular user group, the access controls did not apply to any new user(s) added to that user group later. Similarly, the access controls still applied to a user even after they had been removed from that user group. This has been fixed.
• From v9000 till v9502, when users who were either Password Users or Password Auditors launched an SSH or a SQL session, the option to initiate a chat with the administrator monitoring the session was not displayed in the session terminal window for the aforementioned users. This has been fixed.
• From v8700 till v9502, under custom roles, the permission to add resources to a resource group in Password Manager Pro was attached to the operation ‘Add Resource Group’. This has been changed; the permission is now attached to the operation ‘Edit Resource Group.’
• From v9000 till v9502, under any sections of the Audit tab such as Resource Audit, User Audit etc., when the user runs a filter or keyword search for a specific set of audit trails and later tries to export the obtained results alone, the exported PDF or CSV file instead contained all the audit trails. This has been fixed.
• From v9000 till v9502, if the users were enforced to provide a reason for password retrieval under General Settings, the users could submit a blank space in the reason field and still retrieve the password. This has been fixed.
• Earlier, remote password reset did not work for Oracle user accounts if the respective accounts’ names began with a number or a special character. This has been fixed.
• Earlier, if a resource’s DNS name contained more than a hundred characters, the corresponding Resource Actions icon did not work under the Resources tab. This has been fixed.
• Earlier, when users tried to manually change the password for an existing account of any resource, they were able to set a password that did not comply with the password policy defined for that resource if password visibility is set to ‘Show’ under ‘Show/hide Password’. This has been fixed.
• Earlier, when generating certificate signing requests with SAN names, the SAN names were not updated. This has been fixed.
• Earlier, there were issues with fetching the system locale on Microsoft CA discovery. This has been fixed.

Security Fix

• Password Manager Pro’s master encryption key generation process, which was identified as being weak and vulnerable due to relatively less entropy, has now been made stronger with the inclusion of a higher entropy rate. This addresses and fixes the said vulnerability—the ability to roughly identify the character pattern used to generate the master encryption key (provided that one has direct physical access to the server in which PMP is installed).