A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. ... Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer.
Enhancement request to provide option to rename the built-in admin.
In version 7, SPS connection policies will only show up in SPP if they meet certain requirements. ...
To request an RMA number, the customer must submit a service request via the Support Portal, or by calling Support using one of the Regional Contact Numbers listed here. ... One Identity Support may request additional information when shipping an RMA to certain countries.
An authentication bypass vulnerability in the RDP component of One Identity Safeguard for Privileged Sessions allows man-in-the-middle attackers to obtain unencrypted information to access privileged sessions on target resources. This vulnerability is identified by CVE-2024-40595.
This is being investigated as Defect 478663. ... Workaround ... There is not currently a workaround for this issue. ... RESOLUTION ... This will be investigated for inclusion in an upcoming version of the product.
After upgrading, attempts to connect to the destination using mstsc /admin are now failing where they previously worked. ... The function for 'mstsc /admin' had not previously been tested and officially supported.
Currently, server_name information extracted from TLS client hello is never forwarded from the client side to the server side. ... The HTTP Proxy does not currently support SNI because the proxy is not properly forwarding the SNI value to the server.
Users can connect using the IP address of the target server but when trying to connect using the target server hostname, RDP Session fails. ... Target address is denied by policy; host='SERVERNAME.DOMAIN.COM', port='3389'
This guide details the steps on how to create a Support Bundle with reproduction. To create a Support Bundle with reproduction, follow the steps below. ... to 8 at the Global options on the Web UI. Hint: Starting from version 6.0 you can elevate log level on a per connection policy basis.
When checking the SPS cluster management page, the Managed Host nodes are listed with Offline status. ... Offline status means Status information was sent by the node longer than 60 seconds ago. ... This can also happen when the SPS node's time is out of sync.
What ports are used for Safeguard for Privileged Sessions cluster communication? From the One Identity Safeguard for Privileged Sessions Administration Guide: ... "Nodes in the cluster connect to each other using IPsec, which requires UDP ports 500, 4500 and 123 (for NTP) to be open in the firewalls between the nodes."
SPS uses an ext4 filesystem that has 5% of reserved blocks configured by default. ... You can free up this reserved space temporarily and run an archiving or cleanup to get some free space. ...
There may be occurrences when the mouse cursor does not change properly to its resize icon version in Windows 10 over RDP when using SPS. ... Instead of that it remains as it is. ... This brings a small usability issue to the table, as you have to be very precise with your mouse in order to resize a window.
After configuring the policy on the primary SPP and rebooting all members in the cluster (SPP, SPS), the SPS connection policy on SPP is not shown, then it reappears, and the issue repeats itself, causing intermittent session failure.
When changing the SPS node ID, audit trails recorded before this change will not be replayable or downloadable on the given SPS (standalone, non managed / non search cluster) node and will show the error below.
To avoid possible downtimes due to certain features not being available, before starting the upgrade, ensure that you have a valid SPS license for 8.0 LTS. ... Upgrade as follows ... 1. Perform the upgrade to 8.0 LTS with your current license.
The tables below show software versions that are tested and supported for installation on the corresponding SPP and SPS hardware models. ... (EOL) means the software version or hardware support is discontinued.
Is there a list of firewall ports required to be open for SPS to work correctly? ... - Cluster: ... - SPS Nodes connect to each other using IPsec: ... Port 500 (UDP)
Video playback should work even if the auditor user has only read rights on Search ACLs. ... A 'testUser' user account without administrator rights; this user is the member of a 'testGroup', which has read rights on the following ACLs under the Users & Access Control -> Appliance Access menu:
More details are below. ... Versions need to be synchronized during an upgrade. ... For example, it is expected that SPS version 6.6 can be joined to SPP version 6.6, and if you upgrade SPS to version 6.7, you must also upgrade SPP to 6.7.
Adding any route into SPS routing table breaks RDP session in a weird way. ... Session keeps connecting, asking for credentials in never-ending loops, but the session never establishes. Experiencing slowness in HTTP connections. Establishing a monitored connection has been slow from version 6 LTS to 7 LTS.
A split brain situation is caused by a temporary failure of the network link between the cluster nodes, resulting in both nodes switching to the active (master) role while disconnected. ... This might cause new data (for example, audit trails) to be created on both nodes without being replicated to the other node.
How can I create a Custom Platform in Safeguard for Privileged Passwords? The ability to create Custom Platforms was added in Safeguard 2.4. ... These can be used in cases where the built-in platforms that are shipped with the product are not compatible with the assets you are looking to manage. Custom Platform supports SSH (from 2.4), TN3270 (from 2.7), Telnet (from 2.8) and HTTP (from 2.8). To utilize a Custom Platform, an Asset Administrator adds a Custom Platform.
SPS version 7.1 and above added support for federated login with SAML2 ... The SPS web interface now supports federated authentication and single sign-on with SAML2.