ManageEngine Password Manager Pro - Release Notes

Password Manager Pro Release 8.5 (8504) (19th September 2016)

Enhancements & Bug Fixes

• Earlier, upgrade packs could be applied only to Password Manager Pro's primary installation, and high availability had to reconfigured every time after the upgrade. Henceforth, upgrade packs can be directly applied to the secondary installation as well, without any need to reconfigure high availability.
• In v8500 and above, when Password Manager Pro server was restarted, personal password management option was getting enabled even in cases where it had been disabled by the administrator. This has been fixed.
• Earlier, there were AD sync issues while importing users and resources from different domains. Resources/users from the wrong domain were imported for a few sync schedules when they were run again after the first import operation. This issue is fixed.
• Earlier, in the MSP edition, while providing a user group with 'Manage Organization' permission for different orgs, only 100 organizations could be allotted to that user group. This limit has been removed now.
• In v8500 and above, while adding a new account under a resource, the add operation could not be successfully completed if the 'Notes' field contained more than 230 characters. This issue is fixed.
• In v8500 and above, whenever a password is checked in by a user, the audit log for the check in operation did not properly display the resource name (if the name contained characters like ' a m p & ' ). This issue is fixed.
• Earlier, for any resource group, if the option 'Reset passwords upon expiry' was enabled, the option did not work for the resources within the group for which access control had been configured. This issue is fixed.
• In v8500 and above, while adding a Linux resource, the add operation could not be completed if 'Private Key' field was left blank. This issue is fixed.

Bug & Security Fixes

• Earlier, clear/copy to clipboard actions in the GUI were carried out with Flash support. For security purposes, Flash elements have been removed for these actions and support is now provided through JavaScript.

Password Manager Pro Release 8.5 (8503) (25th August 2016)

Feature Enhancements & Bug Fixes

• Earlier, when a domain admin account was shared with users for RDP auto logon to related domain member machines, the users could use that domain account credentials to log in to the domain controller as well. Now, while sharing domain admin accounts with users for auto logon purposes, an optional check is given to prevent RDP connections to the domain controller resource.
• A new check has been introduced, while adding a Windows resource, to restrict users from using the local account of that resource to launch RDP connection, and instead use only the domain account to connect to the resource.
• Earlier, when the last remaining user in an organization unit (OU) was removed in AD, the same user did not get removed from the corresponding user group in Password Manager Pro. This issue is fixed.
• Earlier, in the "Show Passwords" table under "All My Passwords," the selected column sort order did not persist for non-admin users once they navigated to other tabs. This issue is fixed.
• In Password Manager Pro Japanese edition, audit log for the operation 'Discovery Task Deletion' was not captured properly in the audit records. This issue is fixed.
• Earlier, under Passcard option, when the provided link is opened to access the concerned account, the password could not be viewed properly if the Resource Name or Account Name shown in the GetPasscard page contained a "space." This issue is fixed.
• Earlier, for Add Resource operations, account addition step failed if the concerned account's password field contained specific characters (<>). This issue is fixed.
• Earlier, when users tried to reset Google Authenticator settings from the Password Manager Pro login page, the option did not work due to case-sensitive issues or if the username contained '\' (Backslash). This issue is fixed.
• In v8500, users were unable to add new resources under the pre-defined type 'PostgreSQL,' if they had earlier created and saved 'PostgreSQL' as a custom resource type. This issue is fixed.
• In v8303, while importing OUs from Active Directory, all the resources in the 'Default Group' in Password Manager Pro were automatically removed if the name of any of the OUs contained a comma (,). This issue is fixed.
• Earlier, in the UI screen, Admin-->Add Resource-->Add Accounts, when an account was added, password of the added account was partially revealed along with the account name in the display box beneath. This happened if the password contained both double quotes (") and greater-than sign (>), in that order. This issue is fixed.
• Earlier, under "Scheduled Password Reset," while setting Password to use, the option "Assign the same password to all user accounts, but change it during every schedule" did not work properly. Instead of a same password, unique passwords were set for each account. This issue is fixed.
• Earlier, while using RESTful API to add or modify a resource, the users could not use the characters, '<' and '>' in the account password. This limitation has been removed now.

---

Password Manager Pro Release 8.5 (8502) (27th July 2016)

Feature Enhancements & Bug Fixes

• Earlier, option to open direct RDP connections to target resources using multiple domain accounts was available only under the Auto Logon tab. Now, the option is also available under 'Resources' and 'All My Passwords' tab.
• Customers (except MSP edition users) in v8500 faced issues in saving new changes in 'Export Passwords - Offline Access' settings. This has been fixed now.
• Customers in v8500 were not able to save changes in User Settings for any user groups, if their language setting is not English. This issue has been fixed now.
• In 'Advanced Search' option, the search results were incorrect if the search text contained '&'. This issue has been fixed now.
• Earlier, when users tried to reset Google Authenticator settings from the Password Manager Pro login page, the option did not work if the username contained '_' (Underscore). This issue has been fixed now.

Security Fixes

• Earlier, net use command was used by Password Manager Pro agent (Windows) for password reset and verify operations. If 'Audit Process Creation' is enabled under 'Advanced Security Audit Policy Settings' for the Windows target machines, the reset and verify operation commands were captured in the Windows event logs, including new passwords in clear text. This has been fixed now, by using Windows APIs instead of net use command for the agent to carry out password reset/verify operations.

---

Password Manager Pro Release 8.5 (8501) (9th July 2016)

Feature Enhancements

• Service Account Password Reset using Password Manager Pro Agents
  Password Manager Pro agent enhanced to support automatic propagation of password changes across dependent services associated with a Windows domain account, when the respective account passwords are reset in Password Manager Pro.
• Group Settings Replication during Organization Addition (MSP Edition)
  While creating a new client organization, MSP admins can now replicate the user and resource group structures as present in the MSP org and other client orgs. Resource group to user group share settings can also be replicated in the new org.
• Under 'Users' tab, new option to search for users by their 'First/Middle/Last Name' has been added.

Bug & Security Fixes

• Customers using v8500 faced slow performance issues while loading Two-factor authentication settings in the application's web interface. Page load time took 30-40 seconds. This has been fixed now.
• Earlier, while creating resources in Password Manager Pro, only HTTP and HTTPS schemes were allowed to define 'Resource URL'. Now, Amazon S3 URL styles and other schemes are also supported.
• In version 8500, values entered in additional field columns/accounts and values copied to clipboard were displayed incorrectly due to encoding issues. This has been fixed now.
• In version 8500, while selecting default domain under User Management in General Settings, an invalid input error was thrown if the default Domain Name field contained special characters. This has been fixed now.
• An XML eXternal entity (XXE) vulnerability identified in XML-RPC API has been fixed.

---

Password Manager Pro Release 8.5 (8500) (June, 2016)

Security Fixes & Enhancements:

• Password Manager Pro now comes with a comprehensive security filter that helps protect the solution against a host of vulnerabilities, including cross-site scripting attacks (XSS) and cross-site request forgery (CSRF). In addition, to prevent any unauthorized actions by genuine users (by manipulating the parameters in the URLs), authorization check has been enabled for every single action involving a database query through URLs.
• New REST API to add API User.

---

Password Manager Pro Release 8.4 (8404) (May, 2016)

Security Fix

• Users making use of LDAP authentication were able to access their Password Manager Pro account through PMP's browser extensions by supplying a blank password. This issue was found only in PMP's browser extensions and NOT in the web version. However, since the fix involves changes in APIs in the web version, this security fix is being provided. Customers of all versions of PMP (till 8403), who are using browser extensions with LDAP authentication should apply this fix, in addition to upgrading the browser extension separately.

---

Password Manager Pro Release 8.4 (8403) (April, 2016)

New Features

• IIS AppPool Password Reset: Support for automatically resetting the passwords of associated IIS AppPool accounts when the domain account passwords are reset through Password Manager Pro. Optionally, the IIS AppPools can be restarted remotely by Password Manager Pro after the password change.
• New REST APIs:
  • To download certificates, licenses, and other files.
  • To add license keys, digital certificates, documents, images and more
  • To create multiple accounts that are associated with a specific resource id.
  • To delete a specific user in Password Manager Pro.
• Transfer Approver Privileges: Option to transfer the privilege to approve password access requests from one administrator to another in bulk. When an administrator leaves the organization or moves to a different department, all the approval privileges of that administrator can now be transferred to another administrator in a single click.

Enhancements & Bug Fixes

• Provision to customize password expiry report based on expiration date of passwords. With this option, you can now generate the list of passwords that are about to expire during a specified period of time. For instance, you can find passwords that will expire in the next 5 days.
• Privileged accounts can now be marked as favorites from the search result view itself.
• Earlier, custom reports, once saved, could not be duplicated with additional edits. Now, 'Save as new' option has been added to create duplicate copies of saved custom reports. Also, a direct link to create custom reports has been added under 'Audit' tab.
• RESTful API to fetch account details has been enhanced to include password expiry status, compliance status and reason in case of non-compliance, and configured policy for the accounts.
• Privileged accounts can now be marked as favorites from the search result view itself. Earlier, when password compliance notifications were configured for individual resource groups, in certain rare scenarios, some compliant passwords were also notified as non-compliant. This issue has been fixed.
• Earlier, when the option "Allow all admin users to manipulate the entire explorer tree" had been enabled in "General Settings", all resource groups, including unshared groups were displayed in the explorer tree structure (only the names of the unshared groups were displayed in grey text; the underlying passwords were not shown). Now, unshared groups can be hidden from view.
• Earlier, users had to manually go to 'Resources' tab and select the resource group name under 'Show Resources of' option to view the list of resources in each group. Now, resource group names have been hyperlinked to automatically take the user to 'Resources' tab and display the corresponding resources.

Security Fixes

• Earlier, while viewing old passwords from password history, it was possible to make changes to account ID in the request URL and retrieve password history of unshared passwords. This issue has been fixed now.
• Earlier, URL query string parameters were passed through HTTP GET method for 'Password Change' and 'Password Export' features, which was a concern since GET holds parameters in history. This has been changed now by using HTTP POST for query strings instead of HTTP GET.

---

Password Manager Pro Release 8.4 (8402) (March, 2016)

Bug Fixes:

• In PMP builds v8400 and 8401, Active Directory synchronization for resources did not work properly. This has been fixed.
• Earlier, search based on account additional fields for criteria-based groups did not work on the 'Add Resource Group' page. This has been fixed.
• Earlier, searching on numeric fields for criteria-based groups did not work with PostgreSQL as the backend database. This has been fixed.
• Earlier, audit filter in the recorded sessions tab did not work with MySQL as the backend database. This has been fixed.

---

Password Manager Pro Release 8.4 (8401) (February, 2016)

Bug Fixes:

• In PMP 8400 build, it was not possible to configure single sign on as part of active directory integration. This has been fixed.
• In PMP 8400 build, while importing users from an OU in AD, automated email notification was sent to all the imported users. This has been fixed.

---

Password Manager Pro Release 8.4 (8400) (February, 2016)Video demo

New Features:

• Launch Direct Connection With Remote Databases: Provision to launch a direct connection to remote databases from PMP web-interface and execute CRUD queries without deploying any database query tools. In addition, shadow the session in parallel and chat with other admins/ users present in the session.
• VNC Support for Collaboration: Provision to remotely access and take control of resources using VNC. By this way, administrators get direct access to the remote machine and could collaboratively work with other users.
• Launching Administrative Console Session using RDP: Provision to launch an administrative console session with remote resources using RDP.

Enhancements & Bug Fixes

• Earlier, there were some scrolling issues in the SSH console. This has been fixed with a new interface.
• Earlier, AD User Sync feature was available only for Enterprise Edition. Now, this feature is available in all editions.
• Security Best Practices Enforcement
  • Option to disable local authentication when AD/LDAP authentication is enabled.
  • Password Manager Pro will enforce password reset in the following scenarios:
    1. Change the login password after first login to PMP
    2. When username itself is used as the password.
    3. After exercising the forgot password option.
  • When two-factor authentication is enabled globally, all new users who are imported/synced from AD/LDAP will have two-factor authentication enabled by default.
  • Earlier, password administrators also had the privilege to mark any password policy as the default policy. Henceforth, only administrators will have the privilege.

---

Password Manager Pro Release 8.3 (8303) (December, 2015)

Enhancements & Bug Fixes

• Automatic synchronization of Active Directory OU details did not work in the following scenario: When users / resources belonging to a sub-OU are imported into Password Manager Pro, the synchronization for the same did not work after a subsequent import operation from any other OU or sub-OU. This has been fixed. (Affects only those who started with PMP from build 8200 or later. Customers using previous versions and the ones migrated to latest versions from builds prior to 8200 are NOT affected).
• Provision to use a named instance of MS SQL server as the backend database for PMP. This is supported in all scenarios - using MS SQL server as the backend database afresh, and when upgrading from PostgreSQL or MySQL to MS SQL.
• Earlier, there were issues in loading audit trails when the page contained a large amount of data. Performance enhancements through optimizing SQL queries now result in showing the data 10 times faster. Displaying about 1 million audit records now approximately takes two seconds. In addition, you can now filter audit trails from primary and secondary servers and view them separately

---

Password Manager Pro Release 8.3 (8302) (November, 2015)

Enhancements & Bug Fixes

• Option to enforce password policy for personal passwords.
• Option to enforce users to guard their personal passwords with a passphrase, which will be used as the encryption key for storing the personal passwords.
• Option to map username between PMP and Radius two-factor authentication service. This helps simplify user management.
• A new report to capture the list of users who are not part of any user group.

---

Password Manager Pro Release 8.3 (8301) (October, 2015)

Bug Fix:

• In PMP build 8300 (only for the users who upgraded from earlier builds), search and sort did not work in some table views in the GUI. This has been fixed.

---

Password Manager Pro Release 8.3 (8300) (October, 2015)

New Features & Enhancements

• Automatic discovery of service accounts and group creation: When discovering Windows accounts, PMP automatically fetches the service accounts associated with services present in the domain members
• Password Manager Pro browser extension could be selectively enabled / disabled for specific users alone
• Personal passwords can now be imported from CSV
• New REST API to add a resource to a new or an existing resource group while creating the resource
• Support for RSA On-Demand authentication as part of two factor authentication
• Provision to mark organizations as "Favorite Organizations" in Password Manager Pro MSP Edition

Bug Fix:

• Password Administrators can now view the list of users who are part of a user group
• Enhancements to global search and advanced search options. Results get displayed quicker now
• Earlier, there were issues in generating Password Inventory / Custom Password Inventory reports as .xls file. This has been fixed now.
• In PMP build 8200 (only for the users who upgraded from earlier builds with PostgreSQL as backend database), there was an issue in associating password policies at the account level. This has been fixed.

---

Password Manager Pro Release 8.2 (Build 8200) (August, 2015)

New Features & Enhancements

• Browser Extensions: Seamlessly auto-logon to websites and applications, launch RDP and SSH sessions, access existing passwords, and add new ones - all from PMP's extensions for Chrome and Firefox browsers, without leaving the browser tab you're in.
• Chat While Monitoring Remote Sessions: While monitoring SSH/Telnet sessions, administrators can chat with other admins/users who are in the session.The chat transcripts are also recorded along with the session being recorded.
• Manage Schedules: Option to quickly view and edit all the schedules created in the product single, centralized page.
• Password Policy: Option to assign password policies at individual accounts level. Earlier, password policies could only be assigned at resources level.

Bug Fix:

• Earlier, while generating custom reports, there were some issues populating data when the criteria chosen was "user group". This has been fixed.

---

Password Manager Pro Release 8.1 (Build 8102) (July, 2015)

Bug Fixes

• In PMP builds 8100 and 8101, there were issues in synchronizing active directory groups in PMP. This has been fixed
• In PMP builds 8100 and 8101, there was an issue with domain user password reset when the password contained special characters. This has been fixed.

---

Password Manager Pro Release 8.1 (Build 8101) (July, 2015)

Bug Fixes

• A SQL injection vulnerability identified in advanced search module of PMP has been fixed.
• Earlier, exporting passwords as an encrypted HTML file for offline access did not work in installations with PostgreSQL as the backend database. This has been fixed.

---

Password Manager Pro Release 8.1 (Build 8100) (June, 2015)

New Features & Enhancements

• Failover Service with MS SQL Clusters: Option to configure redundant PMP servers with a common MS SQL cluster, which in turn has multiple PMP database instances bound to it for fail over. (While the 'High Availability' feature in PMP requires two separate database instances to be mapped to the Primary and secondary servers of PMP respectively, the 'Failover Service' functions with redundant PMP server instances which have access to a common MS SQL cluster).
• Custom Encryption: Option to use custom encryption for data storage. By default, PMP encrypts all passwords and other sensitive information using AES-256 symmetrical encryption algorithm. You can now plug-in your own implementation for encryption and decryption.
• Password Explorer Tree Manipulation: PMP now retains the state of children nodes in the password explorer tree and the last opened nodes will be persisted in the database. This latest enhancement helps load pages much faster.

Changes & Bug Fixes

• Earlier, password expiry notifications were sent seven days prior to the expiry date. This has now been made configurable.
• Earlier, there were issues in executing the "Forgot Password" option on the google authenticator login screen. This has been fixed now.
• Earlier, there were issues in terminating the RDP sessions. This has been fixed.

---

Password Manager Pro Release 8.0 (Build 8001) (May, 2015)

Bug Fixes

• PMP web GUI did not work properly with Chrome 43. This has been fixed.
• In PMP 64-bit Windows installation, when upgrading to PMP build 8000 from 7600, there were problems in carrying out remote reset of Windows and Windows Domain passwords. This has been fixed.

---

Password Manager Pro Release 8.0 (Build 8000) (May, 2015)

New Features & Enhancements

• Introducing Enterprise Edition: Designed for large enterprises, the Enterprise Edition combines enterprise-grade scalability, security, performance, and affordability facilitating highly secure and easy management of shared sensitive information. It also delivers robust functionality and advanced integration capabilities required by global enterprises while maintaining ease of use throughout.
• Resource and Account Discovery: Discover flavors of Windows, Linux, VMware and Network devices along with the privileged accounts associated with them (Available in Enterprise Edition)
• Performance enhancements in Home and Resource tabs: Improved application performance resulting in much faster responsiveness
• NERC-CIP Compliance Report: Automated, audit-ready compliance report for access control requirements of NERC-CIP

Changes & Bug Fixes

• An XML eXternal entity injection identified in XMLRPC API has been fixed.
• Earlier, when exporting reports (.xlsx) based on resource groups, the file size showed 0 KB. This has been fixed.
• The underlying technique for remote password reset for IBM AS400 resources has now been changed to SecureAS400 instead of AS400.

---

Password Manager Pro Release 7.6 (Build 7600) (March, 2015)

New Features / Enhancements:

• Password Manager Pro can now be installed on both Windows & Linux 64-bit machines. A separate build for 64-bit is now available. (High Availability set up requires that both primary and secondary installations run with same builds).
• Ticketing system configurations can now be selectively enforced/exempted for resource groups. Earlier, the setting took effect globally for all resources.
• While playing back recorded sessions, you can now skip any part of the recording and progress to any point through the seek bar feature added to the RDP player.
• Session shadowing is now supported for TELNET sessions too.

Changes / Bug Fixes:

• Earlier, when Password manager Pro was installed in /opt directory in Linux CentOS6, PMP did not start due to permission issue. This has been fixed.
• Password manager Pro now bundles Server JRE v1.7.0_71
• Earlier, there were erroneous text in role change email notification. This has been fixed.
• Earlier, there were issues in launching automatic connection to target systems when the user specifies the currently logged in AD account to connect with the remote resource. This has been fixed.
• Earlier, when access control had been enabled, if a super admin tries to move an account from one resource to another, it overwrites the account password with the account name. This has been fixed.

---

Password Manager Pro Release 7.5 (Build 7501) (Jan, 2015)

Enhancements & Bug Fixes:

• Out-of-the-box support for ManageEngine SDP MSP ticketing system.
• In PMP build 7500, as part of Active Directory integration (in Windows installations), when resource/user groups are imported from AD with spaces in group/OU names, the credential given for importing resources/users from the domain was written as a file name in the bin folder. This has been fixed.

---

Password Manager Pro Release 7.5 (Build 7500) (Jan, 2015)

New Features / Enhancements:

• Ticketing System Integration: PMP provides the option to integrate a range of ticketing systems to automatically validate service requests related to privileged access. The integration ensures that users can access authorized privileged passwords only with a valid ticket ID. This integration also extends to PMP workflow, which helps in granting approvals to access requests against automatic validation of corresponding service requests in the ticketing system. PMP readily integrates with ManageEngine ServiceDesk Plus, ServiceDesk Plus On-Demand and ServiceNow and provides option for integrating any enterprise ticketing system.
• Backend Database Upgrade: PosgreSQL, the backend database bundled with PMP upgraded from 9.2.1 to 9.2.4 .
• Option to enforce users to provide reason while retrieving passwords from password history.
• Option to export all certificate files with resource details.
• Option to clear password flags for IBM AIX accounts after successful password reset.

Changes / Bug Fixes:

• Earlier, in certain environments, connection to DropBox failed throwing SSL error when synchronizing data from PMP for offline access failed. This has been fixed.
• Earlier, while creating criteria group with account additional fields, search inside group being created (to test the new group) did not work in PMP with MS SQL and Postgre SQL as backend databases. This has been fixed now.
• Earlier, when importing users from CSV, same password was being generated for all users. This has been fixed now.
• PMP MSP Edition: Earlier, Resource group replication did not work for client orgs when editing a resource group. This has been fixed.

---

PMP Build 7105 (Nov, 2014)

Bug Fixes & Enhancements

• A SQL injection vulnerability identified in PMP has been fixed.
• A clickjacking vulnerability identified in PMP web application has been fixed.
• Earlier, when email notifications on change in access permissions had been disabled, two factor authentication could not be assigned in bulk. This has been fixed.
• Earlier, disabling the option to receive email notifications (upon the occurrence of audit events) as daily digest did not take effect. This has been fixed.
• Provision to view keyboard layout in other supported languages when launching remote RDP sessions from PMP.

---

PMP Build 7104 (Oct, 2014)

Bug Fix

• In PMP build 7103, resource group deletion did not work.This has been fixed.

---

PMP Build 7103 (Sep, 2014)

New Features & Enhancements:

• Session shadowing: Total control on privileged sessions with support for 'session shadowing', which enables administrators to closely monitor administrative access and terminate suspicious activities.
• ISO/IEC 27001:2013 compliance report: Automated, audit-ready compliance report for access control requirements of ISO/IEC 27001:2013.
• Auto logon using other domain accounts: Provision to launch a direct RDP connection with target resources using any domain account that is owned by / shared to the user. In addition, users can opt to use the currently logged in AD account too to connect with the remote resource.
• Support for configuring the port at which the Remote Desktop Service is running on the remote host. PMP will launch RDP sessions through the port specified.
• Multi-language support now available for PMP mobile apps (iPhone & iPad) too.
• Provision to check the validity of digital certificates (x.509 certificates) stored in PMP and to trigger alerts upon expiry.

Bug Fixes

• A filename Denial of Service Vulnerability identified in PMP has been fixed.
• Earlier, the HTTPONLY attribute had not been set in some cookies that were used to track a user's session. This has been fixed now. This ensures that it is not possible for the cookie to be accessed by scripting languages.
• Earlier, when single sign on had been enabled, PMP agents were not working. This has been fixed.
• Synchronizing offline data with DropBox failed due to some changes at DropBox end. Configurations in PMP have been changed to fix that.

---

PMP Build 7102 (Aug, 2014)

Bug Fixes

• Earlier, the batch or script file ReplicationPack.bat/sh used for replicating PMP database (with MySQL as back end database) was not working. This has been fixed.
• In PMP 7101, product license expiry alert was being triggered erroneously in certain scenarios. This has been fixed.

---

PMP Build 7101 (Aug, 2014)

New Features / Enhancements

• MSP admins managing the resources of multiple clients can now replicate resource or user group structure and certain settings across all managed client organizations.
• Option to enable /disable SSH session gateway, which allows launching remote terminal SSH sessions from browser.
• Actions such as sharing resources, transfer ownership and access control configuration can now be performed from the search result view itself.

Bug Fix

• Earlier, fetch and update of the scheduled task passwords on the target Windows 2008 servers failed in certain scenarios. This has been fixed.
• Earlier, if the username for logging in to PMP contained non-ascii characters, authentication failed. This has been fixed.
• Earlier, password reset operation through REST API was getting executed even when access control had been enabled for a resource. This has been fixed.
• Earlier, in PMP MSP edition, Cisco IOS password reset was not working in client organizations. This has been fixed.

---

Password Manager Pro Release 7.1 (Build 7100) (June, 2014)

New Features / Enhancements

Cloud Environment Password Management:

• Password Manager Pro now extends password management to cloud environments. Cloud managers can securely store, share, periodically change and control access to the management console or administration panel passwords of Microsoft Azure, Google Apps, Amazon Web Services and Rackspace accounts from PMP.
• This move helps safeguard cloud platforms from attacks on administrative accounts and overcome information security concerns besides tracking privileged account activity in the cloud to meet various regulatory compliance requirements.
• Four new resource types - Microsoft Azure, Google Apps, Amazon Web Services and Rackspace have been added in PMP.

New RESTful APIs:

• PMP already provides a good number of RESTful APIs, which help you to connect, interact and integrate any application with Password Manager Pro directly. Three new APIs have now been provided to add users, delete resources and approve/reject password access requests.

Share Resources from Home Tab & Global Search Results

• Option to share resources and accounts directly from 'Home Tab' and in Global Search results, avoiding the additional navigation to the 'Resources' tab.

Bug Fixes / Changes

• JVM crash issue fixed: In PMP 7002 & 7003, JVM crash was reported in certain environments during AD authentication and windows password reset. This has been fixed.
• When using SAML 2.0 for user authentication and single sign-on through federated identity management solutions, there was an issue when the web server certificate had been configured with a PKCS12 certificate. This has been fixed.
• Earlier, there was an issue in migrating the back-end database from MySQL to PostgreSQL resulting in migration failure. This has been fixed.
• The maximum characters count for BaseDN and Search Filter parameters for importing users from LDAP has been increased to accommodate a larger strings.

---

PMP Release 7.0 (Build 7003) (June, 2014)

Changes & Bug Fixes

• Fixed a backdoor issue through which SQL Injection was possible in PMP.

---

PMP Release 7.0 (Build 7002) (Apr, 2014)

New Features & Enhancements

• SAML 2.0 support: User authentication mechanism in Password Manager Pro has now been strengthened with SAML 2.0 support. Password Manager Pro now integrates with federated identity management solutions for single sign-on. Technically, Password Manager Pro acts as the SAML service provider, and it integrates with SAML identity providers. The new integration helps leverage the identity provider's authentication to access Password Manager Pro. Users who have deployed Okta, OneLogin or any other SAML identity provider can automatically log in to the Password Manager Pro application from the respective identity provider's GUI without supplying credentials, after configuring PMP with the identity provider.
• Session Shadowing: Session recording capability has been extended to enable real-time monitoring of sensitive privileged sessions launched by users. Administrators may also terminate sessions in real time if any suspicious activity is found, giving admins complete control over privileged sessions.
• Language Selection: PMP administrator can now select the language for all users in 'General Settings'. Password Manager Pro can be localized in Chinese, Japanese, Spanish, German, French, Polish.

Changes & Bug Fixes

• Password Manager Pro now bundles JRE v7u51
• For privileged session management, Password Manager Pro acts as the Gateway for launching Windows RDP and SSH sessions from the user's browser. These sessions are launched within a HTML5 compatible browser and the connection to the end devices are tunneled through the PMP server that acts as the session gateway, while also recording the session. In the latest versions of Chrome and Firefox, launching RDP sessions did not work. The screen closes immediately after launching the session. This has been fixed.
• PMP v7001 was identified to be having directory traversal vulnerability. This has been fixed by updating the RDP gateway.
• Earlier, when PMP was installed in other language boxes, audit trails were getting recorded in the respective language though the PMP web GUI was in English. This has been fixed.
• In v7001, when PMP license key with no multi-language support was installed, PMP stopped recording audit trails after a server restart. This has been fixed.
• Possibility for an XSS vulnerability (which can be triggered during authentication), was identified in PMP v7001. This has been fixed.
• Earlier, when configuring PMP to run in FIPS 140-2 compliant mode, nss libraries were required to be downloaded. Now, PMP uses nss v3.12.4 and it comes bundled with that.

---

PMP Release 7.0 (Build 7001) (Mar, 2014)

New Features & Enhancements

• Provision to localize Password Manager Pro (introduced in 7.0) has been enhanced now. PMP can be localized in Chinese, Japanese, Spanish, German, French, Polish.
• Provision to set any resource type as 'default type', which will remain the default selection in 'Add Resources' GUI
• PMP supports a good number of resource types for remote password reset. You can filter the types and choose to display only the required ones in the 'Resource Type' drop-down in 'Add Resources' GUI.
• Provision to create a link to a shared password and enable authorized users to quickly access that password as a pass card in the GUI

Bug Fixes, Changes

• When using PMP with MS SQL server as the backend database, under "Admin", the option to manage encryption key was missing. This has been fixed.
• In build 7000, the text field to search custom fields was not getting displayed in resources page. This has been fixed.
• When sharing resources of the type 'File Store' with 'Modify permission, changing file was not working. This has been fixed.
• Due to a typo in message display, the result for 'Verify Password' was being shown as 'Not in sync', when it was actually in sync. This has been fixed.

---

PMP Release 7.0 (Build 7000) (Jan, 2014)

New Features & Enhancements

• MSP Edition: A separate edition to help Managed Service Providers (MSPs) manage the passwords of each of their clients separately, from a single management console. Passwords can be securely shared between MSP administrators and their respective customers, making sure that users only get access to the passwords they own or ones that are shared with them. The solution offers the flexibility to entrust the control of the password vault to the MSP administrator, the end user or both, as desired.
• Data Center Remote Access Management: Provision to launch secure, one-click SSH/Telnet access to remote devices in data centers with full password management. Typically, data centers limit direct access to remote devices via SSH connections due to security reasons and network segmentation. Instead, data center admins working remotely must first connect to a landing server and then "hop" to the target system. Administrators can now configure landing servers and their login credentials and then associate them with the resources being managed by Password Manager Pro. In turn, admins can launch a one-click connection with the remote resources without worrying about the intermediate hops. While the admin experiences a direct connection, Password Manager Pro automatically executes all of the intermediate hops in the background, establishing a connection with each landing server and finally with the remote resource.
• PMP Speaks Your Language: Provision to get PMP working in your language. At present PMP can be localized in Chinese, Japanese, Spanish, German, French, and Polish languages.
• Bulk Operation Support: Features like session recording, auto logon for web apps and password reset can now be configured in bulk for many devices at one go.
• LDAP User Groups Synchronization: User groups in LDAP can now be automatically synchronized at periodic intervals with the user database in PMP.

Changes & Bug Fixes

---

PMP Build 6904 (Nov, 2013)

Bug Fixes

• In PMP v6903, when access control workflow had been enabled, when a password user checks-in a password after his usage, it was not being reset. This has been fixed now.

---

PMP Build 6903 (Sep, 2013)

New Features / Enhancements

• RADIUS / RADIUS-Compliant Authentication System for Two Factor Authentication: Option to leverage RADIUS server or any RADIUS Compliant two Factor Authentication system (like Vasco Digipass) for the second factor authentication.
• RESTful APIs: PMP now provides RESTful APIs, which help you to connect, interact and integrate any application with Password Manager Pro directly. The APIs also allow you to add resources, accounts, retrieve passwords, retrieve resource/account details and update passwords programmatically.

Bug Fixes

• At times, PMP login screen prompted users to enter the password again even when the password entered was correct. This has been fixed now.
• Earlier, there were issues in alphabetically sorting the entries in Resource tab and Home tab (when using PMP with PostgreSQL as the backend database). This has been fixed.
• When Access Control Workflow had been enabled, in certain environments, resetting of passwords of Netscreen devices after the end of the exclusive use period was not working. This has been fixed.
• In PMP v6902, when a user fails to check-in a password at the end of his usage period, PMP resorted to automatic check-in of passwords, but the password was not being reset. This has been fixed now.

---

PMP Build 6902 (July, 2013)

New Features / Enhancements

Google Authenticator for Two Factor Authentication

• PMP now provides the option to leverage Google Authenticator, a software based authentication token developed by Google as the second factor of authentication. Already, PMP supports PhoneFactor, RSA SecurID and a one-time, randomly generated unique password as the second level of authentication for two factor authentication.

Exporting Resource Groups

• Option to automatically export the resources belonging to specific resource groups by creating scheduled tasks. The data gets exported in the form of an encrypted HTML file.

Bug Fixes

• In PMP build 6901, there were problems in starting PMP when installed as secondary server in High Availability architecture in Linux machines. This has been fixed.

---

PMP Build 6901 (June, 2013)

New Features / Enhancements

• Support for launching PMP web-interface in Internet Explorer 10
• The implementation procedure for "Custom Listener", which enables providing your own implementation for Password Reset Listener, has now been simplified with the enhancements in the GUI. You need not have to edit the configuration files in PMP manually to enter the details about the implementation class. These details can now be provided through entries in GUI
• Enhancements to bolster the overall security posture of the product
  

Bug Fixes

• Earlier, when the administrator had restricted the users from viewing the passwords in plain-text when auto logon had been configured, in certain specific scenarios, there were issues in retrieving passwords even when auto logon had not been configured.  This has been fixed.
• Restrictions on the usage of weak ciphers in the product
  

---

PMP Release 6.9 (Build 6900) (May, 2013)

New Features / Enhancements

• PMP iPhone app is now available for download directly from App Store. Facilitates secure retrieval of privileged passwords and approval of access requests on the go. Provides offline access to privileged passwords too.
• "Custom Listener", a new feature that enables you to provide your own implementation for Password Reset Listener. With the provision to have your own listener implementation class (instead of just letting PMP execute the listener script provided by you), Custom Listener offers complete flexibility to execute any post password reset follow-up action.
• Provision for remote password synchronization of VMware ESXi resources through VMware vCenter API.

Bug Fixes

• Earlier, Active Directory User GUID check wan not included in AD authentication. This is included now.
• Administrators and Password Administrators can now filter and view all the resources that are owned by them in the 'Resources Tab' by selecting the 'All owned resources' option.

---

PMP Build 6803 (Mar, 2013)

Bug Fix

• In builds 6800, 6801 and 6802, Password Manager Pro client session launched from Internet Explorer was getting terminated intermittently. This has been fixed.

---

PMP Build 6802 (Feb, 2013)

Changes/Bug Fixes

• In builds 6800 and 6801 with PostgreSQL as backend database, the global search did not show results properly for Password Users. This has been fixed.
• Users who wish to migrate to PostgreSQL as the backend database from MySQL are now required to download PostgreSQL-9.2.1-Windows.zip (For Windows) / PostgreSQL-9.2.1-Linux.zip (For Linux) and then run the migration script.

---

PMP Build 6801 (Jan, 2013)

Enhancements/Changes/Bug Fixes

• Support for migrating data from PMP running with PostgreSQL as backend database to MS SQL server. Migrating data from MySQL to PostgreSQL is also supported.
• Build 6800 did not get installed properly when attempted to install in Linux as root user. This has been fixed.
• In build 6800, in some environments, the high availability status was not properly depicted. This has been fixed.

---

PMP Build 6800 (Dec, 2012)

Enhancement/Change

• Support for PostgreSQL as backend database. From this version onwards, the product comes bundled with PostgreSQL 9.2.1.

---

PMP Build 6701 (Oct, 2012)

Changes / Bug Fixes

• While adding the domain account as a resource, PMP provides the option to select the resource groups for service account reset. For every Windows system present in those groups, PMP will find out the services which use this domain account as service account, and automatically reset the service account password if this domain password is changed. In PMP build 6700, when a Windows domain account was added, the resource groups selected for service account management were not getting saved. As a result, the service account reset for the resources that are part of the selected resource groups did not work. This has been fixed now.

---

PMP Build 6700 (Oct, 2012)

New Features & Enhancements

Privileged Session Recording

• Privileged sessions launched from Password Manager Pro can now be recorded, archived and played back to support forensic audits and let enterprises monitor all actions performed by privileged accounts during privileged sessions. Password Manager Pro enables recording of Windows RDP, SSH and Telnet sessions launched from the product.

Auto Logon for Web Apps

• Option for enhanced auto logon to web applications by installing PMP bookmarklet on the browser bookmarks bar. PMP can be setup to auto-fill the login page of web applications with appropriate username/password information, to allow users to login to those apps with just a few clicks, instead of manually entering the information.

Manipulating Explorer Tree

• Provision to allow admin users to manipulate the entire explorer tree structure in any manner as they wish. Once this is option enabled, PMP creates an organization wide, global explorer tree structure containing the names of resource groups under a root node. Any administrator in PMP would be able to create/edit the explorer tree structure of resource groups. The tree structure will be accessible to all admins, password admins and end users. Admins and password admins can add their resource groups anywhere into the global tree and the whole structure will be available for view to all the end users. If this option is disabled, users can modify only their portion of the tree.

Password Access Control Report

• New report providing complete details about the password access control workflow scenario of your organization. List of resources for which access control has been enabled, resources for which access control is deactivated, resources for which the requests are automatically approved, list of password release requests approved/denied etc are depicted.

Changes / Bug Fixes

• Earlier, when resources were imported from active directory, certain values like display name, description and location were not properly populated in PMP. This has been fixed.
• Earlier, there were issues in adding additional fields (to enter password values) for resource types such as license store, file store and key store. This has been fixed.
• Earlier, there were issues in editing the files that were added through custom fields. This has been fixed.

---

PMP Build 6600 (July, 2012)

New Features & Enhancements

New Resource Types Support for Remote Password Synchronization

• Sun Oracle XSCF
• Sun Oracle ALOM
• Sun Oracle ILOM
• IBM AS400

Super-Administrator as 'Break Glass Account'

Provision to keep the super-administrator role as a break-glass account for emergency access to passwords. Hitherto, any administrator could change the role of another administrator (not himself) as super-administrator. PMP now provides the option to prevent administrators from creating super-administrators. Super-administrator role can be used as break glass account as explained below:

• Create a new administrator account in PMP and designate the new account as the Super-Administrator
• The new super-administrator will login and enforce the option of denying other administrators from creating super-administrators
• The login credentials of this super-administrator will be sealed and kept in a safe to be opened only for emergency access

PMP Agents

• When PMP agent is deployed in target resources for remote password reset, the resource and all its accounts will be automatically added to PMP
  Provision to configure synchronization for deletion of accounts in PMP when the corresponding account is deleted in the remote resource

Password History

• Password History now records the passwords of 'Failed' reset attempts too. This would be helpful in tracing the passwords in rare instances when the password gets reset in the resource, but not changed in PMP due to network issues.

New Browsers Support

• Support for launching PMP web-interface in Safari and Chrome

Reports

• Password Activity report now captures the list of resources for which automatic approval of access requests has been configured

Bug Fixes & Changes

• PMP GUI has been given a facelift
• Resources imported from Active Directory now contain DisplayName, Description, Location and other details
• Provision to notify users when a resource/resource group is shared or share permission is changed
• Earlier, when a file based additional field is created, Service Accounts could not be edited/saved with the Resource Groups for scanning. This has been fixed.

---

PMP Build 6504 & 6505 (June, 2012)

Bug Fix

• In PMP 6.5, when Active Directory authentication is used and when a domain account stored in PMP is used to automatically sync user information from AD, users were allowed to login regardless of the password being correct. This has been fixed.

---

PMP Build 6503 (March, 2012)

New Features/Bug Fixes/Changes

• Encryption Key Rotation: Provision to change the master encryption key either periodically as a best practice or at suspicion of key compromise. Fully automated steps to regenerate new key, decrypt all data with old key, encrypt them with new key and securely storing the new key.
• User Preferences Setting: PMP users can now set individual preferences for what view should be loaded by default in the 'Home', 'Resources', 'Audit' and 'Reports' tabs in the web user interface.

---

PMP Release 6.5 (March, 2012)

New Features & Enhancements
No-Frills Auto Logon for Launching Windows RDP and SSH Remote Terminal Sessions

• Leveraging the power of HTML 5, PMP 6.5 brings the first-in-class auto logon mechanisms for launching Windows RDP, SSH and Telnet sessions. While current solutions require inconvenient and insecure methods like end-point agents, helper programs at user desktop and browser plug-ins, the only requirement for PMP's cutting-edge solution is a HTML 5 compatible web browser. Users can launch highly secure and completely emulated Windows RDP, SSH and Telnet sessions from within the browser with a single click, not requiring any access to passwords
• Being HTML 5 compatible, users can launch Windows RDP and SSH sessions also from browsers in their tablet devices like iPad
• Provision for authenticating both with the local accounts as well as domain accounts for the launched Windows RDP sessions
• A new sub-tab named 'Auto Logon' has been introduced in Home Tab for easily locating the remote accounts and quickly launch one-click sessions

Secure, Offline Access to Passwords with Auto Sync

• Support for secure, offline access to passwords. Users will get an option to export the passwords in the form of an encrypted (AES-256 encryption) HTML file, which can be opened in browsers for offline access
• Provision to automatically synchronize the exported HTML file to users' mobile devices through Dropbox. From a single action in PMP user interface, the offline file lands in the users' Dropbox app in their smart phones or tablet devices
• Admins can configure PMP to automatically delete the exported files to users' Dropbox accounts after a set time period
• Admins can configure all passwords that were exported to be automatically reset in the remote systems after a set time period

---

PMP Release 6.4 - Build 6404

New Features / Bug Fixes / Changes

• Automatic Approval in Access Control Workflow
  Provision for automatic approval of password access requests. Users need not have to wait for approval by authorized administrators while going through the access control process.
• RADIUS Server Authentication
  RADIUS server can now be integrated with PMP for leveraging RADIUS authentication.
• List of Super Administrators
  List of all super administrators will be displayed in the information bar to all administrators, password administrators and auditors

---

PMP Release 6.4 - Build 6403

Bug Fixes / Changes

• Invoking auto logon helper in turn downloads a browser addon file. The SSL certificate that ensures trustworthiness of the addon has now been renewed.
• Earlier, user group activity report was not displayed properly on the dash board. This has been fixed.

---

PMP Build - 6402

New Features / Enhancements

• Dual encryption of passwords and files for extra security. Sensitive data are now encrypted once in the application (AES 256-bit) and once in database
• PMP can now be set-up to run in FIPS 140-2 compliant mode where all encryption in PMP is done through FIPS 140-2 certified systems and libraries
• Provision to prevent the execution of malicious code/script in the application to combat cross-site scripting
• Password Activity Report enhanced with details on the list of resources for which access control workflow has been activated/deactivated and also the resources for which access control workflow has not been configured
• New report depicting the resources / passwords that are not part of any resource group
• Provision to check integrity of passwords of a resource group with support for integrity verification on-demand & scheduled

Bug Fixes / Changes

• Earlier, two options were provided for managing encryption key in PMP - you were allowed to either leave it to be managed by PMP or move it to a secure location / external drive and manage it yourself. Now, the option of leaving it to be managed by PMP has been removed. PMP does not allow the encryption key to be stored within its installation folder. This is done to ensure that the encryption key and the encrypted data, in both live and backed-up database, do not reside together. It is strongly recommend that you move and store this encryption key outside of the machine in which PMP is installed - in another machine or an external drive.
• Earlier, when exporting the personal passwords, the custom fields were not shown in plain-text. This issue has been fixed.
• Earlier, through 'Admin >> Server Settings', when the PMP server port alone was changed, it threw an error. This has been fixed
• UTF-8 encoding support in MS SQL server

---

PMP Build - 6401

New Features / Enhancements

MS SQL Server as Backend Database

• Support for MS SQL server as the backend database in PMP.

High Availability Support with MS SQL Server

• Uninterrupted access to passwords by deploying redundant PMP servers and MS SQL database instances

AES 256 Encryption

• Support for AES 256 encryption for sensitive data when using MS SQL server as backened

Remote Password Reset of LDAP Servers

• Remote password reset support for LDAP servers belonging to the types Microsoft Active Directory, OpenLDAP, Oracle Internet Directory and Novell eDirectory

Password Reset Schedules

• Option for assigning the same password to all the accounts of a group of resources and changing the password automatically during every schedule

PMP Agents

• Prior to 6400, some of the communication between PMP server and agents was initiated by the server, which required the agents to keep a TCP port open. To eliminate this risk and the need to manipulate firewall rules to allow traffic to a non-standard port on the agent side, the communication model is changed where the agents always initiate communication with the server. The agents periodically check for tasks by opening a secure connection with the server and no longer need to have a port open in the system they are installed.

LDAP - PMP User Database Synchronization

• Whenever new users get added to the LDAP, provision to create synchronization schedules and automatically add the users to PMP and keep the user database in sync.

Active Directory

• Support for using the same user credential to import information from multiple domains, based on the privileges and trust setup in AD.

Copy Resources

• Provision to create copies of one or more resources to facilitate easy addition of identical resources

Copy/Move Accounts

• Provision to copy a single account or multiple accounts of a resource and adding the under one or more resources
• Provision to move an account or multiple accounts of a resource to a different resource or resources

Configuring Server Settings, SSL Certificates through GUI

• Support for changing the PMP server port and SSL certificates from PMP GUI. This eliminates the need for manually editing the configuration files

Custom SSH/Telnet ports

• Support for using any custom port for SSH and Telnet for connecting to remote resources

Instant Backup

• Support for taking one-time backup of PMP database anytime

Performance Enhancements

• The client responsiveness in 'Home' tab and 'Resources' tab have been optimized

Changes / Bug Fixes

• Earlier, there was an option to send notifications to users after importing them from Active Directory. This option has now been removed.
• Earlier, in LDAP user import, the OU and other details entered were not persisted. Now, the details are saved and displayed
• Earlier, while creating scheduled tasks for custom reports, the option to send the report to the users specified under 'other users' did not take effect. This has been fixed.
• Earlier, the password reset of Ubuntu resources did not work when 'sudo' had been used. This is fixed
• In Internet Explorer, there was an issue in auditing the reason entered by the users for retrieving a password using auto logon helper. This has been fixed
• Earlier, there were issues in editing the properties of resource groups. This has been fixed.
• The issue in generating AD user schedules report as a PDF has been fixed
• The issue related to exporting personal passwords as XLS has been fixed
• In PMP build 6400, the share permissions to the user groups imported from Active Directory did not take effect. This has been fixed.
• In certain scenarios, generating the 'User Access Report' as a PDF did not work. This has been fixed
• Earlier, when password access control had been enabled, in certain scenarios, when a user made a request to access a password, there were issues in sending email notifications for approval to the administrators. This has been fixed.
• Earlier, in High Availability set up with MySQL, when the slave database was restarted, PMP raised an alert stating High Availability was not alive. Now, in scenarios like this, PMP will double-check the status before raising the alert
• In personal password management, the issue related to deleting the personal categories has been fixed

---

PMP Release 6.3

Enhancements

• High Availability configuration simplified by adopting automation through scripts

Changes & Bug Fixes

• Vulnerability related to the printing of sensitive data in mysql binlogs has been fixed by bundling MySQL 5.1.50
• Earlier, there were problems in displaying the Active Directory synchronization schedule in GUI. This has been fixed
• Earlier, in certain cases, the 'Edit User' provision for the users imported from LDAP did not work. This has been fixed
• Earlier, when SMTP settings were modified, the details were saved, but GUI did not reflect the changes. This has been fixed
• Earlier, when setting High Availability and Live Backup, DNS lookup for secondary server / slave database threw error in certain environments. This has been fixed.
• Earlier, when multiple administrators were selected to approve password access requests in Access Control Workflow, there were issues in sending email notifications for approvals. This has been fixed. 
• Earlier, there were some issues when authentication was required for configuring SMTP mail server settings. This has been fixed. 
• Previously, password integrity check for Windows local accounts (which were not present in administrator group) did not work. This has been fixed.
• Earlier, when synchronization schedule had been created for resource import from active directory, newly added user accounts were not imported. This has been fixed.
• Earlier, audit trails pertaining to failed password reset events for certain resources were not recorded. This has been fixed now.

New Features / Enhancements

PhoneFactor Authentication

• ManageEngine has partnered with PhoneFactor, the leading provider of phone-based two-factor authentication for two-factor security for Password Manager Pro. Already, PMP supports RSA SecurID authentication and generating a one-time, randomly generated unique password as the second level of authentication for two factor authentication.

Smart Card Authentication

• If you have a smart card authentication system in your environment (such as US DoD Common Access Card (CAC)), you can configure Password Manager Pro to authenticate users with their smart cards, bypassing other first factor authentication methods like AD, LDAP or Local Authentication.

Custom Reports

• Support for creating customized reports out of the canned reports and audit reports. You can specify custom criteria and create customized reports as per your needs

High Availability

• Functional enhancements to High Availability architecture making it more stable and robust

Changes & Bug Fixes

• Hitherto, when synchronization schedule had been enabled for importing users from Active Directory, changes in email addresses in Active Directory did not get updated in PMP. This has been fixed now
• Earlier, as part of automated password integrity check, PMP made three attempts to verify the passwords on target systems. This led to lockout scenarios due to the IT policy related to failed login attempts. This has been changed now and PMP attempts to check password integrity only once
• Option to import resources from Active Directory with fully qualified domain name (fqdn) as the DNS name of the resource
• Verify password feature did not work for SYS accounts in Oracle 10g. This has been fixed
• Support to populate old password, when attempting to change the password of HP UX resources
• Option to specify the time period in minutes up to five digits while granting exclusive access to passwords (when enabling access control workflow)
• Earlier, in 'All Passwords' UI, at times, password field was displayed as undefined. This issue has been fixed
• Earlier, when entering a reason for password retrieval had been made mandatory, in some cases, copy to clipboard did not prompt reason column. This has been fixed

---

PMP Release 6.2 - Build 6201

New Features / Enhancements

SIEM Integration

• Provision for generating SNMP traps and Syslog messages upon the occurrence of any activity/event - be it password access or modification or any other activity performed in the PMP application. The traps/syslog messages can be sent to the SIEM tools, which can thoroughly analyze these events, correlate them with other network events and provide informative, holistic insights on the overall network activity.

Two Flavours of APIs for A-to-A Password Management

• Completely revamped provisions for Application-to-Application Password Management, which help eliminate hard-coded passwords in enterprise environments. PMP provides two flavors of the API - a comprehensive application API based on XML-RPC over HTTPS and a command line interface for scripts over secure shell (SSH), using which any enterprise application or command line script can programatically query PMP and retrieve passwords to connect with other applications or databases.

Local Service Account Password Rese

• Provision to find and reset all the local account passwords used for services and scheduled tasks in Windows resources

Enhancements in Bulk Password Reset

• Provision for bulk password reset by selecting multiple resources / resource groups
• Provision for bulk update of passwords in PMP database alone without updating on the actual resources

Reports

• Enhanced dashboard reports providing details on currently logged in users
• Provision to export all reports in '.xls' format

High Availability

• Enhancements in High Availability setup with provision for alerts on failure events

Bug Fixes / Changes

• Earlier, after carrying out a search operation, if one accessed the 'Enterprise Passwords' tab, while an empty page was shown in Firefox, a warning page came up in Internet Explorer. This issue has been fixed now
• Earlier, in Password Request-Release workflow, when the time limit for administrator approval was set as '0' indicating indefinite time period, the approval time period ended after some time. This has been fixed now
• Earlier, in certain cases, Windows remote password reset and password integrity verification failed. It has now been fixed
• Earlier, while implementing concurrency control in Password Request-Release workflow, the maximum time period up to which the password was to be available exclusively for a particular user was specified in hours. This has been changed to minutes to enable granting of exclusive privilege less than one hour
• Earlier, the view length of entries (passwords/resources) in PMP web-interface was not user-specific. It has been made user-specific now.
• Entries in password explorer tree in the 'Home Tab' are now sorted alphabetically
• Provision to control 'Manage Share' permissions for criteria-based resource groups
• Earlier, Single SignOn worked only with NTLM-v1. Now, it works with NTLM-v2 through integration with a third party library named 'Java Enterprise Security Provider Authority' (Jespa), which provides advanced integration between Microsoft Active Directory and Java applications
• Earlier, MD5 algorithm was used for hasing the PMP user passwords for local authentication. Now, SHA 512 is being used.
• Earlier, when Single Sign-On was enabled, audit entries related to user login to PMP were not recorded. This issue has been fixed now
• Earlier, in certain cases, scheduled tasks were not being executed. This issue has been fixed now
• Earlier, help documentation for Application-to-Application Password Management through XML-RPC API dealt only with using XML-RPC in Java. Now, the procedure for using it in other programming languages added.

---

PMP Release 6.1 - Build 6104

New Features / Enhancements

Nested Resource Groups

• Option to arrange and maintain resource groups in hierarchical structure (groups, sub-groups) for navigational convenience

Password Explorer

• 'Home' tab re-arranged in an intuitive way to provide easy access to the passwords owned and/or shared. The explorer contains the following components:
  • All My Passwords
  • My Recent Passwords
  • My Favourite Passwords
  • Nested Resource Group Tree

Remote Password Synchronization for Juniper Netscreen Devices

• Support for changing the privileged passwords of remote Juniper Netscreen devices from PMP GUI

Templates for Customizing Email Notification Content

• By default, PMP has a specific content for the email notification for various password actions. If you want, you can customize the content and have your own content.

Export Passwords of Resource Groups

• Option to export the passwords of specific resource groups alone

Bug Fixes & Changes

• MySQL version upgraded from 5.0.36 to 5.079
• Earlier, when there were large number of passwords, loading of the dashboard took some time. This has now been optimized
• Earlier, there were issues in carrying out password synchronization / verification using a single account in Linux. This has been fixed.
• Earlier, when Active Directory authentication was enabled, there were problems in logging in to PMP using the local authentication when a AD user was deleted. This has been fixed.
• Earlier, when a resource group name contained a single quote, the hierarchical arrangement of resource groups were not properly shown. This has been fixed now.
• Earlier, when the 'Personal Password' option was disabled for a Password User, the Password Explorer view became hidden. This has been fixed now.
• So far, no cipher was explicitly mentioned for encrypting the connection between the two MySQL database instances, used in high availability and live backup scenarios. Now this connection is also AES encrypted by choosing the DHE-RSA-AES256-SHA cipher for the SSL channel.
• The JDBC connection between the JRE (Java(TM) Runtime Environment) and the MySQL database is now encrypted by default, to eliminate the need to set it up separately.
• All user input submitted in the user interface are centrally validated to check for and discard harmful inputs that could cause scripting attacks like cross-site scripting (XSS) irrespective of case of the scripting content.

 

PMP 6002 - Bug Fixes & Changes

• All user input submitted in the user interface are centrally validated to check for and discard harmful inputs that could cause scripting attacks like cross-site scripting (XSS) or SQL injection.
• When password policies contained a special character in the policy name, there were issues getting the policy work after editing it. This has been fixed now
• Earlier, the 'verify password' operation failed for Linux and HP-UX target systems in certain environments. This has been fixed
• Earlier, the custom fields for accounts did not support special characters in name. This has been fixed
• Earlier, administrators were permitted to allow exclusive password access to a user for a maximum of 99 hours. Now, it has been modified to enter three-digit figures (in hours)
• In PMP 6001, while carrying out high availability setup, there were issues in creating the replication pack. This has been fixed
• Earlier, in PMP high availability set up, the /mysql/data folder was growing in size. This has been fixed

---

PMP Release 6

New Features / Enhancements

Password Access Control Workflow

• Support for password request-release workflow to enforce enhanced access control in the product. The user, who requires a password, will have to 'request the release' and one or more administrators will authorize the request. Password will be made available for the exclusive use of the user for a stipulated period of time. It will be automatically reset thereafter and the user will thereby forfeit the access.

Two-Factor Authentication

• Option to enforce users to identify themselves with two unique factors through two successive stages before they are granted access to PMP web-interface. While the existing authentication mechanism of PMP (native authentication / AD / LDAP) will be the first authentication factor, the second authentication factor could be either a unique password generated by PMP and sent through email or RSA SecurID one-time token, which changes every sixty seconds. For RSA part, PMP has entered into a technology partnership with RSA, The Security Division of EMC (NYSE: EMC).

Firefox 3 Plug-in

• PMP plug-in for Firefox 3 to enable copying of passwords to the clipboard and to invoke various operating system commands for automatically logging-in to target systems.

Flash 10 Support

• Support for copying of password to the clipboard when Flash 10 is used in conjunction with Firefox

Remote Password Reset

• Option to enter administrator credentials for resources / resource groups in bulk to configure password reset for target resources with ease

Password Policy

• Support to specify a password policy for many resources / resource groups at one go

PMP Login GUI

• If you have users from various domains, the PMP login screen will list-down all the domains in the drop-down. For ease of use, you may specify the domain used by the largest number of users or the frequently used domain in "General Settings". Once you do so, that domain will be shown selected by default in the PMP login GUI

New OS Support

• Support for installing PMP in Windows Server 2008

Changes/Bug Fixes

Importing Resources

• Earlier, when importing resources, if the list of resources imported by you contains any of the already existing resources, they were ignored and not added to PMP. Now, option is provided to override this rule.

Resource Type

• PMP supports managing the website login credentials. For ease of use, a new default resource type named 'Website Account' has now been added

Active Directory Integration

• When users are imported from domain, by default, email notification is sent to all the imported users. Now, an option has been provided to disable the Email notification.
• Earlier, if the password of the users imported from Active Directory contained special characters such as &, %, authentication failed. This has been fixed.

Reports

• PMP carries out periodic checks to ascertain if the passwords stored in the system and the ones in the actual resource are in sync with each other. The results are presented as 'Password Integrity Report'. Earlier, the integrity check was being done at 1 AM everyday. Now, an option has been provided to configure the integrity check timing.

Single SignOn

• Earlier, in IE 7, when Single SignOn was enabled and if PMP login failed, it was not possible to login to PMP with any other user name. This issue has been fixed now.

Usage of Single Quote in Email Address

• Single quotes are now allowed in the email addresses in PMP

---

PMP Release 5.4

New Features / Enhancements

Remote password synchronization for Oracle DB Server and Sybase ASE

• Support for changing the privileged passwords of remote Oracle DB servers and Sybase ASE from PMP GUI
• Periodic password synchronization check with remote resources now supported for Oracle DB servers and Sybase ASE

On demand check for Password Integrity

• Option to carry out 'on demand' verification to ascertain if the passwords stored in PMP are in sync with the actual passwords of remote resources

New Resource Creation in A-to-A Password Management

• PMP now supports resource creation also as part of Application-to-Application Management. New resources can now be created using the Password Management APIs

Support for non-English characters

• PMP now allows non-English characters in the data stored in the database. The user interface too allows non-English characters.

Use of 'sudo' for Privilege escalation

• PMP now allows the use of 'sudo' for privilege escalation in Linux/UNIX systems while doing password resets. This option is useful for systems where the 'root' login is disabled.

Agent-based password reset

• Remote password reset by deploying PMP agents in remote resources, is now supported for 'Windows Domain' resources

Audit Views

• The reason, as entered by the users for various password management activities, are now shown in a separate column in all audit views

Changes & Bug Fixes

• While importing users from AD, added provision for capturing AD tree structure in PMP with proper representation of OUs
• When Single Sign On was enabled, users connecting to PMP secondary server when Primary was running fine, were not redirected to the Primary. This issue has been fixed
• Earlier, when PMP primary server was powered off and reconnected again, it took a long time to do data synchronization between primary and secondary. This has now been fixed
• Issue related scheduling report generation has been fixed
• Earlier, users with the role 'Password Administrator' were not able to schedule password resets and password action notifications. This is now fixed.
• When password reset listener was invoked, PMP did not pass the old password of the respective resource as one of the arguments as expected. This has now been fixed.

---

PMP Release 5.3

New Features / Enhancements

• Out-of-the-box PCI DSS Compliance Reports
• Option to force users to provide a reason to access passwords
• Provision to display a common message in PMP GUI to all PMP users in the GUI
• Option to hide passwords for password users and auditors when auto logon is enabled
• Support for configuring the database backup destination directory

Changes/Bug Fixes

• Domain Controller connectivity check is now done based on network connectivity
• All items in the drop-down lists in PMP have now been sorted alphabetically
• Issue related allowing users to choose their own encryption key for managing personal passwords, has been fixed

---

PMP Release 5.2

New Features / Enhancements

Remote password synchronization for MySQL servers and HP ProCurve devices

• Support for changing the privileged passwords of remote MySQL servers and HP ProCurve devices from PMP GUI
• Periodic password synchronization check with remote resources now supported for MySQL servers and HP ProCurve devices

PMP in two editions

• PMP is now available in two editions - Standard and Premium. For more details, click here.

Reports in .xls format

• Support for generating all reports in .xls format

Changes / Bug Fixes

• If the PMP service is run with domain administrator privilege, passwords of all the local accounts in the computer (present in the domain) can be changed without the need for supplying the old password.
• While providing authentication details in Mail Server Settings, it is now possible to select an user account already present in PMP.
• Option to restrict users from providing their own encryption key for managing personal passwords (as part of general settings)

---

PMP Release 5.1

New Features / Enhancements

Remote password synchronization for Cisco devices, MS SQL servers

• Support for changing the privileged passwords of remote Cisco devices and MS SQL servers from PMP GUI
• Periodic password synchronization check with remote resources now supported for Cisco devices and MS SQL server

Helper for automatic login to target systems

• Support for automatically launching remote systems, devices and applications from PMP GUI eliminating the need for copy, paste of passwords

SSL connection with external identity stores

• Support for establishing connection with external identity stores and authentication systems (AD/LDAP) over encrypted channel

Windows Scheduled Task Password Reset

• Support for resetting the passwords of Windows scheduled tasks along with Windows service account password reset
• Windows service account and scheduled task password reset for multiple domains

Alerts for audit events

• Provision for sending notifications on the occurrence of any audit event
• Option for customizing the audit trails view
• Option to export audit records as PDF, CSV

Activity, integrity and compliance Reports

• Informative reports on passwords, sharing details, password usage, policy compliance, expiry details, user activity, user access details etc
• Automatically examining remote resources for password integrity everyday and providing out of sync reports
• Option for scheduling report generation and sending reports by email
• Option to periodically purge audit trails

Performance Improvements

• Performance tuning for improvement in client responsiveness

Changes & Bug Fixes

• Option to configure the timeout for display of passwords in plain text
• Notes field changed to accommodate more text
• Audit trails now capture traces on resource group addition, resource import from AD, password reset reason entered by users, result of scheduled synchronization of data with AD and password policy change details
• All default and custom fields included in the table column chooser
• Option to search by 'Domain Name' in advanced search
• Option to search the details entered in 'Notes' field
• Periodic synchronization of data in PMP with AD now includes user and resource group changes and deletion
• Issue with regard to editing criteria-based resource groups fixed
• Issue related to providing manage share of resource group to a user group fixed
• Issue related to copying passwords having certain special characters to clipboard has been fixed
• Option to copy personal password account name to clipboard
• Option to automatically clear clipboard data periodically
• Earlier, Password Management API did not work if the resource names contained white spaces. This issue has been fixed

---

PMP Release 5.0

New Features / Enhancements

High Availability Support

Uninterrupted access to passwords by deploying redundant PMP server and database instances

A-to-A, A-to-DB Password Management

Support for Application-to-Application/Database password retrieval and management by deploying 'Password Management APIs'

Windows Service Account Reset

Support for automatically resetting the passwords of associated windows service accounts when the domain account passwords are reset through PMP. Optionally the windows services could be restarted remotely to force the password change immediately

Password Reset Listener

Support for invoking a custom script or executable as a follow-up action to Password Reset action in PMP

Super Admin Support

Any administrator could be made as a 'Super Administrator' with privilege to view and manage all resources in PMP

Encryption Key Management

Provision for securely storing the unique encryption key (generated during PMP installation) somewhere outside PMP and instructing PMP to read it accordingly

Importing Users/Resources from Active Directory

• Provision for importing user accounts associated with the computers imported as resources from AD domain
• Provision to import specific users, groups and OUs from AD

Resource Type Customization

In addition to adding custom fields it is now also possible to remove built-in fields for the various resource types

Notification for Passwords Out of Sync

When the passwords present in PMP differ with those in the actual resource, notifications (informing the out of sync) could be sent to desired recipients

Dashboard Reports

• The 'Home' page in PMP GUI depicts key aspects on passwords and users as dashboard reports
• Other Reports: Detailed and snapshot reports for resources and users

Changes & Bug Fixes

• Importing resources/ users from CSV has been simplified with the removal of format restrictions. Entries in your CSV file could be mapped to specific fields in PMP from GUI
• Earlier, to do remote password synchronization for Linux resource type, two accounts (one root account & another remote login account) were mandatory. Now, this has been made optional through a configuration in General Settings. Remote reset could be done with only one account
• The PMP client responsiveness for certain queries was slow. Performance tuning has now been done
• Clipboard utility for copying passwords in Firefox browser in Linux OS did not work. This has now been fixed
• The animation effect during the display of user accounts has been done away with
• Listing of user names at various places in PMP has been standardized with the display of <First Name> <Last Name> in order
• Display of various listings in PMP has been standardized with alphabetical sorting
• Earlier, there were issues in capturing user audit when working with AD and Single SignOn enabled. This has now been fixed
• The attribute 'DN' has been made configurable while integrating LDAP servers of type other than Microsoft Active Directory, Novell eDirectory and OpenLDAP
• Earlier, creating criteria-based resource groups based on 'account name' did not work. This has been fixed
• The issue in applying filters to search results spanning over more than one page in 'Home' tab, has been fixed

---

PMP Release 4.8 (Build 4803)

New Features / Enhancements

• Support for securely storing different file types such as a license key, digital certificate, document, image etc. in PMP database
• Notifications on password policy violations
• Alert/Warning via email seven days ahead of password expiry
• Provision to import user groups from AD and keep PMP user database automatically in sync with Active Directory
• Provision to configure multiple domain controllers for redundancy in AD integration (user import and authentication)
• Provision to import computers and computer groups from AD and keep the PMP resource database automatically in sync with AD
• Support for importing users from Novell eDirectory interfaced through LDAP
• Delegating management of resources to other admins has been extended for criteria-based resource groups
• Resource-based quick view of passwords in 'Home' tab

Bug Fixes

• Hitherto, 'search' in PMP was case-sensitive. It has now been made case-insensitive
• While logging into the PMP application, the users imported from Active Directory had to use the exact case of the account name as present in the AD. This has now been made -insensitive
• PMP agent, when  installed in a folder not having enough privileges, threw errors. This has been fixed now.
• Issue related to LDAP authentication in OpenLDAP has been fixed

Changes

• The fields "Maximum Password Age" and "Reuse of old passwords" Password Policy Creation have been made optional

---

PMP Release 4.7 - Build 4701

Bug Fix

• When logged in as AD user, agent download was not happening. This issue has been fixed.

---

PMP Release 4.7 (Build 4700)

New Features / Enhancements

• Real-time notifications for password events like password retrieval, modification, expiry and change in access permissions
• Automated remote password changing based on configured schedules and events like password expiry
• Provision for setting password expiry dates and generating alerts and reports on password expiry
• Provision for delegating management of resources to other admins (sharing management of resources)
• Policy to enforce not to use recently used passwords
• Remote password reset now supported for IBM AIX, HP UNIX, Solaris and Mac OS types through SSH / Telnet
• Provision for creating policy with Windows style password complexity allowing one of numerals or special characters in the passwords
• Support for forcefully logging out users from PMP application based on pre-defined inactivity period
• Password generator now available during resource creation
• Password reset actions done through the 'Forgot Password' option in the login screen are now audited
• Provision for generating audit trails in PDF format and also to email the same

Bug Fixes

• Handled escaping of the apostrophes in inputs causing javascript errors (in user groups and resources)
• 'Forgot Password' features was accessible by typing the URL directly even if it was turned off. This is now fixed

Limitation

• The search in the product is now case sensitive

---

PMP Release 4.6 (Build 4600)

New Features / Enhancements

• Active Directory integration enhanced with provision for importing user groups
• Support for filtering and viewing passwords based on resource groups
• Provision for searching passwords and creating groups based on custom attributes
• Support for enabling windows single sign-on as part of AD integration. Users who have logged in to the windows system using their domain account need not separately sign in to PMP
• Default Reports: password details report and password policy compliance report
• Option to generate reports in PDF format and to email the same
• Support for viewing all attributes of a resource from 'Passwords View'
• Provision for 'Live Backup' through replicated database. Whenever a change happens in the 'Master Database', it will be instantaneously replicated to the 'Slave Database'
• New user role named 'Password Auditor' with privileges for viewing audit reports has been introduced
• Domain name included along with user names to keep AD users unique across domains
• Flexible general settings for switching on and off the following features on need basis:
  • Displaying/hiding 'Forgot Password' link in login page
  • Permitting/restricting personal password management for users
  • Sending/restricting Email intimation of passwords upon PMP user creation
  • Enforcing/exempting compliance to password policies
  • Enabling/disabling of remote password synchronization
  • Enabling/disabling local authentication along with AD/LDAP authentication
  • Show/hide passwords in exported resources list
• Support for sending mails through public SMTP servers such as gmail and others
• Support for Windows Vista OS
• Custom attributes visible to all users who have access to the password
• During user creation, option for administrators to specify the password for the users
• Provision for bulk transfer of resources
• Revamped GUI with improved navigation

Changes

• Earlier, while adding resources, the entry for IP address/DNS Name of the resource was mandatory. It has been made optional now
• Provision for entering first name, last name while adding users
• Hitherto, while entering the password for an account, users were not prompted to confirm the same. To ensure the correctness of password, confirmation dialog has been added now
• Latest version of MySQL (v 5.0.36) is now being bundled with PMP
• The professional evaluation version now allows adding up to 3 administrator users

Bug Fixes

• MySQL 'Access Denied' error in linux during server startup has been fixed
• Earlier, users could delete the default resource group automatically created by PMP. This has been fixed