Imprivata Privileged Access Management Product Update 2.3.201902242229
February 24, 2019
PAM Update: Adds Secure-IDs option to prevent an external observer from enumerating or scanning system objects
Highlights of this update include the Secure-IDs option, which hashes internal object IDs to prevent an external observer from enumerating or scanning system objects by ID.
The update adds the option to display and require all internal object IDs in the system in randomized form, in both the GUI and API interfaces, to prevent an external observer from enumerating the system objects.
The option is controlled by the system parameter xtam.secured.ids=true and can be disabled.
For backward compatibility with existing URLs and scripts, the strict check of the Secure-IDs passed to GUI and API functions can also be disabled. The strict check is controlled by the option xtam.secured.ids.strict=true, which is enabled by default in new installations.
Note that the option uses a deterministic algorithm to hash IDs, so the same internal ID always maps to the same Secure-ID. The option can be safely enabled and disabled during operation without affecting internal system integrity. However, external scripts that use the system API might be affected if they use hard-coded IDs or rely on system internal IDs being numbers. The new hashed IDs are strings.
The option is enabled by default for all new deployments but can be disabled using the system properties discussed above. It is not enabled for existing installations, but it can be enabled there using the same parameters in the configuration files.
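
The sketch below is an added illustration, not Imprivata's code or algorithm: it models the behaviour described above with a keyed hash (HMAC-SHA-256, an assumption) and a lookup table, and it assumes that non-strict mode keeps accepting raw numeric IDs, as the backward-compatibility note implies. The key, the record names and the functions secure_id, resolve and enumerate_hits are constructed for the example.

```python
import hashlib
import hmac

# Constructed values for illustration only; this is not the product's algorithm.
SECRET = b"constructed-demo-key"
RECORDS = {101: "db-server", 102: "vpn-gateway", 103: "root-vault"}  # sequential internal IDs


def secure_id(internal_id: int) -> str:
    """Deterministic keyed hash: the same internal ID always yields the same string."""
    mac = hmac.new(SECRET, str(internal_id).encode(), hashlib.sha256)
    return "i-" + mac.hexdigest()[:20]


# Reverse index so a presented Secure-ID can be resolved back to its record.
INDEX = {secure_id(i): i for i in RECORDS}


def resolve(presented: str, strict: bool = True):
    """Return the record name for a presented ID, or None if it is not accepted.

    strict=True  models xtam.secured.ids.strict=true: only Secure-IDs resolve.
    strict=False models the backward-compatible mode (assumed to accept raw numbers).
    """
    if presented in INDEX:
        return RECORDS[INDEX[presented]]
    if not strict and presented.isdigit():
        return RECORDS.get(int(presented))
    return None


def enumerate_hits(strict: bool, start: int = 100, stop: int = 110) -> int:
    """Count how many sequential numeric IDs resolve, i.e. what an observer could learn."""
    return sum(resolve(str(n), strict) is not None for n in range(start, stop))


if __name__ == "__main__":
    sid = secure_id(102)
    print("Secure-ID for 102:", sid, "->", resolve(sid))
    print("raw '102', strict:    ", resolve("102", strict=True))
    print("raw '102', non-strict:", resolve("102", strict=False))
    print("sequential hits strict/non-strict:",
          enumerate_hits(True), enumerate_hits(False))
```

In this model the numeric range stays walkable until the strict check is on, and a script that parses IDs as integers fails on the hashed form, so API clients should store IDs as opaque strings.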