Secret Server Release Notes 10.5.000000

Release Date: 7/10/2018

Enhancements

SAML

  • Added a new SAML configuration page so SSO providers can be configured without modifying the saml.config file.

UI Updates

  • Subfolders can now be created within a user's Personal Folder.
  • The login screen domain dropdown menu can now be disabled for customers that wish to hide the list of domains.
  • Added auditing for the following configuration changes: Character Sets, Password Requirements, Event Subscriptions, Role names, Backups, Custom Password Changers, Licenses, and Database Connections.
  • Added export functionality for Heartbeat logs, Remote Password Changing logs, Discovery logs, and Computer Scan logs.
  • Failed password changes now display an error within the Secret View UI and a link to a Remote Password Changing Errors KB article.
  • If using multiple devices per user in Duo Security for two factor logins, Secret Server will now show the Device Name set in the Duo admin portal next to each device.

Discovery

  • Added Discovery settings to scan for open ports on target machines, connect to specific ports, and set a default timeout for port scanning.
  • Added a Discovery scanner setting for excluding services, tasks, or application pools by name.
  • Added new Diagnostic logs to address duplicate Discovery Scan items.

Password Changing

  • Auto Change Schedules can now be configured so that they will trigger a password change even if the Secret is not expired.
  • Added the ability to rotate SSH Keys with no passphrase required.

Reporting

  • Added Session Revocations to the User Audit report.

  • Added IP addresses to the login failure report.

  • Added new chart options for custom SQL reports.

  • Added the ability to configure AS400 Password Changers.

  • Enhanced Secret Server's ability to process larger message sizes. Secret Server'

  • Distributed Engines now send operation results back to Secret Server through the Site Connector instead of sending them via website.

  • Ticket System Integration can now be configured to work over Distributed Engine.

  • Improved System Log Searching in active environments.

  • Added new Syslog event messages for SIEM integration and enhanced log messaging.

Security Enhancements

  • Added a configuration setting to change the default role that a new user receives.
  • Added the ability to audit certificate verification errors for Active Directory calls over LDAPS and syslog connections using Secure TCP.
  • Added the ability to send a client certificate with Active Directory calls over LDAPS or syslog connection using Secure TCP.

Bug Fixes

  • Fixed issue where Secret Policy changes would not apply to all Secrets.
  • Fixed issue where Service Account Discovery could timeout and flag Secret Dependencies for removal.
  • Fixed issue where Two Factor could prevent a "Login Failed" audit on the user; added new logging details in the Audit User Log if errors do occur from Two Factor authentication.
  • Fixed issue where excluding OUs from Discovery scans prevented computers from being deleted when they were removed from AD.
  • Fixed condition in certain environments where the auto-change Secrets were not changing properly.
  • Improved performance of the Discovery Stored Procedure for specific OUs scanning to avoid timeout in large environments.
  • Fixed a logging exception in Monitor Logging.
  • Resolved a permission error in certain environments that occurred during Local Account Discovery Scans.
  • Fixed issue where integrated Windows login requests were building up in the tbOauthExpiration table.
  • Fixed issue where columns could not be sorted in Discovery Network View.
  • Fixed issue where queued RabbitMQ messages were lost if RabbitMQ was restarted.
  • Fixed bug where an email config port change was logging the new port as the old port.
  • Fixed an issue with SQL Replication where indexes on indexed views were not replicated.
  • Fixed issue where a DependencyResolutionException could occur on the Login page and prevent use of site until an IIS reset was performed.
  • Fixed issue with SSH password rotation/Heartbeat connections that were reporting "Unexpectedly inactive."
  • Fixed issue where the Secret Server Clipboard Utility could not be installed with Chrome 67.
  • Fixed issue where the dashboard Add Content dropdown displayed below the Secrets table.
  • Fixed null reference bug that occurred when autocomplete textboxes were used in lieu of a dropdown for the Group/User selector.
  • Fixed bug in Password Changing where a large number of Secrets targeting the same resource for certain password changers could prevent processing.
  • Fixed issue where root folders could be created through the CSV import process while that user did not have the Create Root Folders role permission.
  • Fixed an issue that could cause occasional black flickering to appear in Session Recording videos.
  • Fixed issue where users could be logged out of Secret Server due to inactivity while actively browsing certain pages.
  • Fixed issue where new Secrets displayed the option to save to a user's Personal Folder even if Personal Folders were disabled.
  • Fixed issue where Discovery local account scans were parsing unnecessary data and taking more time than necessary in large Active Directory domains
  • Fixed issue where changes to Users would not save when extremely large numbers of AD groups were being synchronized.
  • Fixed issue with custom Powershell Ticket System integrations where entering a ticket number to view a Secret would produce an error.
  • Fixed issue where creating a new Event Subscription would fail when specifying a user or group.
  • Fixed issue where the REST API would not correctly implement the "Require Two Factor for Web Services" configuration option.
  • Fixed issue where Heartbeat could be stuck in Pending status.
  • Fixed issue where creating new Folders would fail when there were no other Folders.
  • Fixed condition in certain environments where the auto-change Secrets were not changing properly.
  • Fixed issue where Dashboard searching was slow in environments with large numbers of Secrets.
  • Use of SAML while Virtual Assist Keyboard is disabled no longer causes Virtual Assist Keyboard to appear.

Security Fixes

  • Fixed issue with Unlimited Admin permissions and managing Groups.
  • Deprecated TLS 1.0 in Security Hardening Check.
  • Fixed issue with script names.
  • Fixed issue with Upgrade Status log.