PAM360 Release 4.1 (4101) (1st April 2020)
- Just in Time (JIT) Privilege Elevation for Local Accounts
Now, a PAM administrator can provide just-in-time (JIT) privilege elevation to Windows local accounts in PAM360 with short-term access to a sensitive application or a service, for a defined period, say 30 minutes. In other words, the administrator can use this feature to temporarily elevate an account's privilege to be a Windows Administrator or any other privileged user, and accomplish the required privileged functions. This is useful in scenarios where users do not need continual privileged access but only temporary, on-demand privileged access to certain applications or tasks.
PAM360 Release 4.1 (4100) (3rd February 2020)
- AWS EC2 Discovery
This build comes with the option to discover AWS EC2 instances and their associated privileged accounts, in addition to the already available Windows, Linux, VMware and Network device discovery. Discover the AWS EC2 instances by providing the access key and secret key of AWS IAM users. Discover the privileged accounts associated with each AWS EC2 instance by providing the SSH private key (.pem) of the relevant instance at the time of discovery. You can also discover AWS EC2 instances from multiple regions.
- Integration with the Automation Anywhere RPA Tool
ManageEngine PAM360 integrates with Automation Anywhere, a Robotic Process Automation (RPA)-powered platform that automates software processes using bots. PAM360 provides a bot that helps you automatically fetch passwords from the PAM360 secure vault without manual intervention. This bot is capable of working in combination with other bots in Automation Anywhere to create a complete endpoint management workflow.
- Periodic Password Integrity Check
For resource groups, an option is already available to check if the passwords stored in the PAM360 database are in sync with the passwords in the target devices. Now, a new option, 'Periodic Integrity Check', has been added that allows you to schedule tasks to run on a specific day/time, or at regular intervals of the specified day(s), or on a specific day of a month. The password integrity check will happen periodically based on the schedule set. Unlike the former option, you can use the new option to check the integrity of the passwords in the desired groups on a schedule convenient to you.
- During RDP sessions, it was not possible to copy text using the keyboard shortcut 'Ctrl+C'. This was due to a breakage in the content security policy header enabled in PAM360 build 4000. This issue has been fixed.
- From build 4000, while updating LDAP details, LDAP users alone got removed from the user group. This issue is fixed now.
- From build 4000, SSH sessions did not get recorded when the option 'Enable splitting of SSH and Telnet session recordings into multiple files' was enabled under 'General Settings >> Miscellaneous'. This issue occurred in FQDN servers or when the DNS name contained an IP address. This issue has been fixed.
PAM360 Release 4.0 (4002) (14th January 2020)
Earlier, PostgreSQL data directories in Windows installations were entirely accessible to all locally authenticated users. Now, as a security practice, we have enforced the following measures, applicable for installations under the 'Program Files' directory:
- No inherited permissions are allowed for data and configuration directories.
- "Authenticated Users" permission has been excluded entirely.
- Only the CREATOR OWNER, SYSTEM, Installation User, NT AUTHORITY\Network Service and Administrators groups have Full Control over the directories and can start PostgreSQL.
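One way to verify these three measures on an upgraded installation is to audit the directory ACLs by well-known SID. This PowerShell script is an added example, not ManageEngine's code; `$Path` and `$InstallUser` are placeholders you supply, since the page does not name the actual directories or the installing account.

```powershell
param(
    [Parameter(Mandatory)] [string[]] $Path,        # placeholder: PostgreSQL data/config directories
    [Parameter(Mandatory)] [string]   $InstallUser  # placeholder: installing account, e.g. 'HOST\installer'
)

$sidType   = [System.Security.Principal.SecurityIdentifier]
$authUsers = 'S-1-5-11'                             # NT AUTHORITY\Authenticated Users

# Principals the release note says may hold access (well-known SIDs, locale independent)
$allowed = @(
    'S-1-3-0',        # CREATOR OWNER
    'S-1-5-18',       # SYSTEM
    'S-1-5-20',       # NT AUTHORITY\Network Service
    'S-1-5-32-544',   # BUILTIN\Administrators
    ([System.Security.Principal.NTAccount]$InstallUser).Translate($sidType).Value
)

foreach ($dir in $Path) {
    $acl      = Get-Acl -LiteralPath $dir
    $findings = @()

    # Measure 1: inheritance must be switched off on the directory
    if (-not $acl.AreAccessRulesProtected) { $findings += 'inheritance enabled' }

    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.IsInherited) { $findings += "inherited ACE for $sid" }

        if ($sid -eq $authUsers) {
            # Measure 2: Authenticated Users must not appear at all
            $findings += 'Authenticated Users ACE present'
        }
        elseif ($ace.AccessControlType -eq 'Allow' -and $allowed -notcontains $sid) {
            # Measure 3: no Allow entry outside the listed principals
            $findings += "unexpected Allow ACE for $sid ($($ace.FileSystemRights))"
        }
    }

    [pscustomobject]@{
        Path      = $dir
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings -join '; '
    }
}
```

The script only reads ACLs and checks the directories passed in, not their children; pipe a `Get-ChildItem -Recurse -Directory` listing into `-Path` to cover subfolders.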
PAM360 Release 4.0 (4001) (13th November 2019)
Integration with DigiCert SSL
PAM360 integrates with DigiCert—a leading TLS/SSL, IoT and various other PKI solutions provider. Users can request, acquire, create, deploy, renew and automate the end-to-end management of SSL/TLS certificates issued by DigiCert, all directly from the PAM360 portal.
It is now possible to create and use predefined templates for CSR (Certificate Signing Request) generation from PAM360.
Option to Exclude Certificates
Users can now choose to ignore certain certificates during the SSL discovery or manual addition of certificates into the PAM360 repository. A new option is added under 'Admin >> SSH/SSL >> Exclude Certificate', which you can utilize to add the certificates to be excluded, by specifying their Common Name and Serial Number.
Support for RFC2136 DNS Updates
PAM360 now supports RFC2136 DNS updates to complete domain control validation while acquiring certificates from public certificate authorities (CAs).
Support for Browser Extensions
From build 4001, support is enabled for browser extensions (Chrome and Firefox), which allow you to auto-fill passwords to websites and web applications, and set up Auto-Logon gateway to launch RDP and SSH sessions. Additionally, the add-on allows you to view all passwords, resource groups, favorites, etc., and access existing passwords and add new ones, all in a single platform accessible through a central console.
- Option to modify the email id of the Let's Encrypt account, used by Let's Encrypt to send email alerts of expiring certificates.
- From PAM360 build 4001, an option is provided for Linux resource types that lets users force-map SSH keys to user accounts, even if the target systems are not reachable.
- Users can now use PAM360 to sign CSRs (either using an internal Microsoft CA or a root certificate) as and when they are generated.
- PAM360 now supports file-based discovery for scheduled SSH and SSL discovery tasks.
- A new dashboard widget to provide data about SSL configuration vulnerabilities has been added.
- Support is enabled for the discovery of SSH keys with ECDSA and ED25519 signature algorithms.
- A new REST API to view the private key passphrase of SSL certificates has been added.
In PAM360 build 4000, while trying to integrate with ServiceDesk Plus, the "Invalid API key" error was encountered. This issue has been fixed in this build.