23.1.2 Privileged Access Service Release Notes

This update includes the following features, updates, and other changes. These release notes cover information specific to Privileged Access Service.

New Features

Logging Enhancements for 23.1.2

  • This update includes log entries for API events including any updates to the following:
    • Roles
    • Systems
    • Settings
    • Tenant configurations regarding IP addresses
    • Logins
    • Privilege elevations
    • Machine resources.
  • Additional details have been integrated to log events when PE commands are deleted or edited, permissions are removed or added, systems are added or removed from a set, and when adding users to a portal.

Resolved Issues and Changes in HSPAS 23.1.2

  • Fixed an error with Cloud Suite Agent login where redirect users failed when 'Authenticate Profile' was set to 'Password + Mobile Auth'. (ref: 459211)
  • Fixed an error when the Web RDP to Windows System had the RDP settings 'Window Size' set to 'Full Screen', and scroll bars on the bottom right of the Web RDP session screen appeared. (ref: 512725)
  • Fixed an error where Alma Linux Cloud Suite Agents were not able to report their proper version and automatically upgrade. (ref: 518314)
  • Fixed an error where the DynamicInvoker would fail on a AWS hosted tenant when red rock queries were invoked for specific function calls due to additional required parameters. (ref: 525097)
  • Fixed a Privilege Elevation command failure where only one RunAs User was listed. (ref: 527216)
  • Cloud SuiteTenant has guardrails in place to prevent the execution of queries that return large result sets when gathering data from the events table. These queries are used when generating specific types of reports. During the execution of the reports, large query results may cause excessive strain on resources and impact the performance at both tenant and pod levels. An error in the source code was identified, which allows the system to ignore the existing guardrails and return results of any size. The update will enforce the guardrails and prevent excessively large queries during report generation, minimizing the impact on the Cloud SuiteCloud Suite Tenant's performance. (ref: 535762)
  • HSPAS now supports PostgreSQL 14 and 15. PostgreSQL 14 only supports SQL mode. Removed PostgreSQL version 11 because PostgreSQL no longer supports it. (ref: 536212, 564747)
  • Fixed the email authentication issues. When users select email as an option to authenticate to PAS, the user won't be seeing a URL link to authenticate in the email which the user has received. The user will have to manually enter the One Time Passcode where the user has initiated the login session. (ref: 469681)
  • Fixed the ability to log in or rotate passwords for AWS Cloud Provider Root Account. (ref:461023)
  • Fixed account password rotation for Multiplexed Accounts. Users with edit, delete and grant permissions for the Multiplex Account will automatically have view permission for such accounts. (ref:463715)
  • Fixed an issue when emailing reports of "HTML Table" export type with report parameters of integer type would fail. (ref:466537)
  • HTML requests to reports data provider RedRock endpoint are protected with the user's role report management. (ref:468164)
  • Fixed IOS enrollment issues affecting some tenants who were unable to enroll on the IOS mobile app. (ref:470660)
  • Fixed adding command sets to Global Privilege Elevation. Users will now be able to add command sets. (ref:474752)
  • Fixed Privilege Elevation addition wizard for enrolled system second step. The add button is enabled only when 'user', 'group', or 'role' is chosen. (ref:474862)
  • Errors in the workflow process were corrected, allowing access to secrets. (ref:464006)

Resolved Issues and Changes in 23.1 HF9

  • Fixed an issue where the system failed to account for Cisco SSH templates using a 'host' field instead of the typical 'machine' or 'domain' fields found in other UNIX SSH templates. (ref: 478014)

  • Improved security around OTP Code verification. (ref: 578891)

Resolved Issues and Changes in 23.1 HF8

  • Added support for PostgreSQL 15 on RHEL 9.2 with HSPAS.

  • Discontinued support for PLV8 on HSPAS. Users should switch to using FastSQL instead. Before data migration, make sure that all PLV8 extensions are dropped.

Resolved Issues and Changes in 23.1 HF7

  • Fixed a security issue where directory listing information was not properly restricted via an API endpoint. (ref: 551074)

  • Fixed a security issue where unrestricted file download was possible through an API. (ref: 551072)

Known Issues

MFA Known Issues

  • CBE functions are not working in the Firefox browser. When trying to log in as an AWS root user in the Firefox browser, CBE does not log you in and the rotation does not work.

  • The download for the AWS root user is not available on the Chrome/Edge browser. When trying to log in as an AWS root user in the Chrome/Edge browser, CBE does not log you in and the password rotation does not work.

  • The chromium extension instructions on the HSPAS portal is not working. The link to the detailed manual steps to install the extension does not work.