This release brings forth integration support for HSM data encryption and YubiKey two-factor authentication as well as the provision to extend remote password capabilities beyond supported platforms via custom plugins.

New Features & Enhancements

  • Data encryption and protection with SafeNet HSMPassword Manager Pro (PMP) now provides out-of-the-box support for SafeNet Luna PCIe HSM which gives administrators the option to enable hardware-based data encryption for the application. This update helps administrators ensure increased data security levels by leveraging the integration to securely store PMP’s encryption key in the SafeNet HSM appliance available in their environment.
  • Password Reset Plugin: Provision to add custom plugins to remotely reset passwords for unsupported resource typesPassword Manager Pro (PMP) now allows manual addition of custom reset plugins (created in the form of an implementation class) that can be invoked from PMP server to carry out remote password resets for platforms that are not supported out-of-the-box, such as legacy resource types, in-house applications, etc. Administrators can leverage this update to also configure access control for unsupported resources and enforce automatic reset of their passwords instantly upon usage.
  • Integration support for YubiKey two-factor authenticationFrom v9800 onwards, Password Manager Pro readily integrates with YubiKey—a physical key made by Yubico, which ensures secure and strong user authentication, to provide two-factor authentication support for application login.
  • Root-based certificate signingPassword Manager Pro now enables administrators to sign and issue SSL certificates to end-servers within the network environment, based on a root certificate that is trusted within the network.
  • Website domain expiry notification:Administrators can now track upcoming public domain expirations in Password Manager Pro, facilitated via ‘Whois Lookup’. They can also opt to receive periodic email notifications regarding the same.
  • New RESTful APIS
    • To delete users with their usernames
    • To add users to user groups
    • To lock/unlock users
    • To import SSH keys
    • To associate/dissociate SSH keys
  • The REST API to create a new resource now additionally supports inclusion of “Domain Name” for the resource being created. Also, the REST API to get a user’s ID now supports special characters in the passed username.
  • Henceforth, REST API calls to PMP server will have a threshold policy. When any specific API call reaches the threshold number of 150 calls within a span of one minute, that API will be locked for a minute.
  • Users imported from Active Directory (AD) to Password Manager Pro will hereafter be provided the option to launch an RDP connection to Windows resources using the AD credentials with which they are currently logged into PMP.
  • Password Manager Pro now expedites domain validation for Let’s Encrypt certificate renewal through automated verification of DNS-01 challenges (for Azure and Cloudflare DNS).
  • Password Manager Pro now includes provisions to import certificate files to keystore by automatically pinning its corresponding private key with the acquired certificate.
  • Audit logs for bulk password resets triggered at resource group level and modification of dynamic resource groups have been revised to include more information. The bulk password reset log now also captures the name of the resource group for which the reset action has been triggered, either on-demand or scheduled. The second log now thoroughly captures the criteria value changes carried out for the selected dynamic resource group.
  • The “Transfer Ownership” option under the Users tab now lists the available PMP users in an alphabetical order to help expedite the operation.

Bug Fixes

  • From v9600 till v9702, both on-demand and scheduled remote password resets for Oracle resources failed due to server-side issues. This has been fixed.
  • From v9700 till v9701, when the MSP administrator imported an organization from a CSV file that also included information for Account Manager, the detail was not added to PMP during the import. As a result, operations like manage organization, edit, and delete organizations could not be performed for the imported organization. This has been fixed.
  • From v9500 till v9702, if the user conducted a custom search in the Resource Audit section, cleared the results, and then tried to carry out a PDF export of all the audit logs in that section, the action did not work and instead a new tab with a blank white screen opened. This has been fixed.
  • From v9600 till v9702, the search options in both User and Resource trash did not work. This has been fixed.
  • Earlier, if a user had checked out the password of an access controlled resource for a specified duration and the PMP server is restarted within that duration, the condition was automatically revoked and the user was able to continue using the password beyond the given time. This has been fixed.
  • Earlier, when an administrator created a new API user and saved the details in Password Manager Pro, the saved host name was automatically changed to that user’s IP address which led to connection issues during API calls. This has been fixed.
  • Earlier, Linux resources added to PMP via REST API were not displayed in the list of available resources for “Public Key Association” in the SSH Keys tab. This has been fixed.
  • Earlier, while trying to fetch the IDs of a resource and its account via REST API by providing the resource and account names, resource names containing special characters were not allowed. This has been fixed.

Security Fix

  • Earlier, a Remote File Inclusion (RFI) vulnerability in Password Manager Pro’s landing server configuration tab allowed the administrator to upload any file to any location in PMP server via the image file upload field. This has now been restricted to only image files, which can be saved only in the predestined location. 
Build Release

You may be interested in these other recent articles

18 Feb

ManageEngine’s IAM and Cybersecurity On-Demand Events Hub

18 February 2022 | Joshua Ball

Watch webinars on demand and listen to podcasts at your convenience. ManageEngine has launched their IAM and Cybersecurity on-demand events hub, a one-stop shop for on-demand webinars and podcasts. At the on-demand events hub, you’ll find:   Carefully curated on-demand webinars from seven unique categories. Over 40 podcast episodes (and counting) on IAM and cybersecurity from three different podcast shows. ​ The webinars and podcasts are regularly updated, so watch this space to ensure you don’t miss out on the latest episodes!​​ Sign up today by clicking here. To find out more…

Read more
8 Sep

ManageEngine positioned in the Gartner® Magic Quadrant™ for ITSM Tools for the second consecutive year

8 September 2021 | Nigel Arnold

The 2021 Gartner® Magic Quadrant™ for IT Service Management Tools is out, and ManageEngine has been included in this year’s report. This is the second…

Read more
26 Jan

Cybersecurity Webinar Series – February 2021

26 January 2021 | Joshua Ball

IT Security Under Attack Join ManageEngine on a three day webinar series, where they will expose and explore the various tactics threat-actors use to intrude…

Read more