Imprivata Privileged Access Management Product Update 2.3.202008092318
August 9, 2020
PAM Update: Added the option to display Administrative Messages for users, added support for PPK key format when connecting to remote servers or rotating keys
This update added the option to display Administrative Messages (Message of the Day) for all users and added support for PPK (PuTTY generated) key format when connecting to remote servers and rotating public keys.
Added the option to display Administrative Messages for all users
The update added the option for system administrators to define Administrative Messages (Message of the Day) displayed for all system users on the record list screen.
Both users and administrators can review past messages using the Management / Messages page.
The option provides a mechanism for system administrators to quickly communicate maintenance times, configuration and policy updates, new vaults, folders or records created, or new software options available to all system users.
Added support for PPK (PuTTY generated) key format when connecting to remote servers and rotating keys
The update simplifies the management of remote Unix servers by allowing administrators to use private keys in PPK format without first converting them to PEM RSA format before uploading a key to a record or using it in a discovery query.
PPK is the private key format generated by PuTTY, a popular Windows SSH client.
The update also enables the option to rotate PPK public keys on the remote servers.
The option accelerates the adoption of PAM best practices without disturbing existing access workflows.
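When auditing which public key a rotation left on a remote server, it helps to see what a PPK file exposes. The following is an added example, not Imprivata's code and not part of the original release note: it reads the cleartext header and public section of a PPK file (the public section is stored unencrypted even when the private section is passphrase-protected) and derives the matching authorized_keys line and SHA256 fingerprint. The function names are hypothetical and the sample key is constructed.

```python
import base64
import hashlib
import struct
import textwrap

def parse_ppk(text: str) -> dict:
    """Read the cleartext header and public section of a PPK v2/v3 file."""
    lines, fields, i = text.strip().splitlines(), {}, 0
    while i < len(lines):
        name, _, value = lines[i].partition(": ")
        i += 1
        if name.endswith("-Lines"):  # value = number of base64 lines that follow
            fields[name] = "".join(lines[i:i + int(value)])
            i += int(value)
        else:
            fields[name] = value
    header = next((k for k in fields if k.startswith("PuTTY-User-Key-File-")), None)
    if header is None or "Public-Lines" not in fields:
        raise ValueError("not a PPK file")
    blob = base64.b64decode(fields["Public-Lines"], validate=True)
    # The public blob is SSH wire format and begins with the algorithm name;
    # a mismatch with the header means the file was edited or is corrupt.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[header].encode():
        raise ValueError("public blob algorithm does not match PPK header")
    return {"algorithm": fields[header], "encryption": fields.get("Encryption", ""),
            "comment": fields.get("Comment", ""), "public_blob": blob}

def authorized_keys_line(key: dict) -> str:
    """Render the public half as it would appear in ~/.ssh/authorized_keys."""
    b64 = base64.b64encode(key["public_blob"]).decode()
    return f'{key["algorithm"]} {b64} {key["comment"]}'.strip()

def fingerprint(key: dict) -> str:
    """OpenSSH-style SHA256 fingerprint, for auditing which key is deployed."""
    digest = hashlib.sha256(key["public_blob"]).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Constructed sample: the key bytes and private section are placeholders.
def _s(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b
PUB = textwrap.wrap(base64.b64encode(_s(b"ssh-ed25519") + _s(bytes(range(32)))).decode(), 64)
SAMPLE_PPK = "\n".join(["PuTTY-User-Key-File-2: ssh-ed25519", "Encryption: none",
    "Comment: constructed-example-key", f"Public-Lines: {len(PUB)}", *PUB,
    "Private-Lines: 1", base64.b64encode(b"constructed placeholder").decode(),
    "Private-MAC: " + "0" * 40])

if __name__ == "__main__":
    key = parse_ppk(SAMPLE_PPK)
    print(authorized_keys_line(key), fingerprint(key), sep="\n")
```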
Restricted cryptographic protocol of internal components to TLS v1.2
The update tightens the security of internal components by restricting their cryptographic protocol to TLS v1.2 and disabling previous versions of TLS as well as SSL protocols.
The update affects WEB Session Manager (default port 4822) and Local User Directory services (default port 10636). Note that both services supported TLS v1.2 previously.
For all existing deployments, PAM WEB Server communicated with both affected services using the TLS v1.2 protocol, protected by certificates generated on-site.
The update removes the hypothetical possibility of WEB Session Manager and User Directory services accepting old protocols attempted by third-party actors, who usually do not possess the certificates and cannot reach these ports, which are usually closed.