3.6.0 Release Notes

These Release Notes offer an overview of the enhancements, new features, and resolved issues incorporated into Kron PAM 3.6.0. For detailed instructions and information, please consult the Reference Guide.

Contact Us

Contact us at [email protected]. Please note that only registered users can contact the support team. 

Release Summary

Below is a comprehensive list of the changes, additions, and fixes integrated into the 3.6.0 version of Kron PAM.

Session Manager

  • Users are now able to connect to devices by entering the IP address, restricted on a subnet basis. This feature provides greater flexibility by allowing connections to devices that are not part of the predefined inventory, improving accessibility in dynamic environments.
  • Increased file transfer speed for RDP connections, enhancing user experience by reducing waiting times and improving productivity during remote sessions.
  • Added the ability to set a minimum character limit in the "connection reason" field for SSH and RDP connections, ensuring that users provide detailed and meaningful reasons for access, thereby improving auditing and security.
  • Enabled access to web applications and sub-links from the Kron PAM device inventory interface, allowing users to navigate directly to related resources.
  • Added support for HTTP Proxy to allow access to subdomains, which expands the scope of accessible resources, making it easier to manage subdomain-related activities through a secure proxy.
  • Introduced the ability to dismiss the warning message shown to the end-user in the Wire-to-Session feature.
  • Enhanced SSH connections by adding support for new MAC algorithms: “hmac-sha2-256, hmac-sha2-512, [email protected], [email protected], [email protected]”, improving security and compatibility.
  • Credentials can now be assigned with a validity date range, supporting temporarily assigned credentials. This feature allows administrators to provide time-limited access, enhancing security by ensuring credentials expire when no longer needed.
  • Fixed an issue with Turkish characters when creating drives in RDP connections, ensuring compatibility and correct display of language-specific characters.
  • Sessions are now automatically terminated when their reserved end time expires.
  • Added secure remote connector support for SFTP connections, enhancing the security of file transfers to remote locations.

Secure Remote Access

  • Improved Secure Remote Access licensing to ensure only users authorized for secure remote access are licensed. This feature optimizes licensing management, ensuring compliance and cost-effectiveness.

Password Vault

  • Added the ability to manually set passwords for Password Vault accounts and apply them to target devices, allowing greater control and customization of password policies for specific accounts.
  • Introduced a password blacklist feature that warns users when selecting restricted passwords for new accounts in Password Vault, improving security by discouraging the use of weak or commonly compromised passwords.
  • Added a Recycle Bin feature to Password Vault for account recovery, providing a safety net for accidental deletions by allowing recovery of deleted accounts within a configurable timeframe.
  • Added a password generator to Password Vault, allowing users to generate complex passwords that meet security requirements, thereby simplifying the creation of secure credentials.
  • Enabled application triggers to restart Windows services sequentially, which ensures that dependent services are restarted in the correct order, reducing the risk of system errors.
  • Added support for managing Azure Application Keys with Password Vault.
  • Updated Password Vault RESTful API to return data in JSON format, improving integration capabilities with external systems by providing a widely used data format.
  • Enabled bulk deletion of configurations connected to a Password Vault account when the account is deleted, making it easier to clean up associated configurations and maintain system hygiene.
  • Added a Request per Second (RPS) Limiter for Application Token Requests, which helps manage server load and prevent abuse by limiting the frequency of token requests.
  • Introduced the ability to mask vault account passwords in the bulk import screen, enhancing security during data import by preventing sensitive information from being exposed.

Multi-Factor Authentication (MFA)

  • Fixed an issue related to country codes in phone numbers during SMS delivery, ensuring that SMS messages for MFA reach the correct recipients without formatting issues.
  • Added different authorization levels for managing MFA screens based on user roles, allowing for more granular control over MFA management, which enhances security and delegation of administrative tasks.
  • Introduced MFA verification using push notifications, providing users with a convenient and secure way to verify their identity without relying solely on SMS or email.
  • Added authorization configuration for the "Show Simple Token" feature, allowing administrators to control who can access simpler authentication methods, thus enhancing security management.

Database Access Manager / Dynamic Data Masking

  • Implemented a node tracking process for ZooKeeper, improving system reliability by ensuring proper coordination and tracking of distributed nodes in clustered environments.
  • Enhanced the database discovery feature for improved efficiency, making it easier and faster to discover new databases that need to be managed and protected.
  • Added data classification and compliance reporting to the Sensitive Data Discovery feature, allowing organizations to classify data based on compliance requirements and generate reports, which helps in meeting regulatory standards.
  • Introduced a Vulnerability Scanner to classify target databases based on CVE scores, enabling proactive identification of vulnerabilities and aiding in securing database environments.

EPM Agent for Windows

  • Integrated VirusTotal for reporting the risk scores of discovered applications, allowing administrators to assess the risk associated with unknown or new applications and take appropriate action based on the reported scores.
  • Active EPM sessions can be killed on the Kron PAM portal, providing administrators with greater control over active sessions, helping to prevent unauthorized or prolonged access.
  • After a defined time, unreachable EPM agents remove themselves from the inventory, ensuring that the inventory remains up to date and reducing clutter from inactive agents.
  • When Windows changes the IP address, this change is transferred to Kron PAM, ensuring that the system has accurate and current information about the endpoint devices.
  • Increased log details for policies, providing more comprehensive logging information that assists in troubleshooting and auditing policy enforcement.
  • UI/UX improvements in the configuration screen, enhancing the user experience by making configuration settings more intuitive and easier to navigate.

EPM Agent for Linux

  • Added support for Red Hat 9, ensuring compatibility with the latest version of this popular Linux distribution and expanding the range of supported operating systems.

Multitenancy

  • Introduced the ability to configure separate SAML provider settings for different tenants, enabling each tenant to use their own identity provider settings, which enhances the flexibility and security of tenant-specific authentication.

Kron PAM Desktop Client / Kron PAM Mobile Application

  • Added the ability to customize the client by adding a customer logo to the Kron PAM Desktop Client, providing a branded experience that aligns with customer identity.
  • Added Windows Authentication support to the Kron PAM Desktop Client, allowing users to authenticate using their Windows credentials, simplifying the login process and enhancing security.
  • Improved the display of the time format in approval requests on the Kron PAM Mobile Application, ensuring that the time information is clear and consistent with user expectations.
  • Fixed a UX issue on the connection screen of the Kron PAM Mobile App, providing a smoother and more intuitive user experience during remote connections.
  • Introduced MFA verification via push notifications for the Kron PAM Mobile App, offering an additional layer of security and convenience for mobile users.

Platform Features

  • Added Public Key Infrastructure (PKI) Authentication support for the Kron PAM Portal, providing an additional secure method for user authentication by using digital certificates.
  • Made frontend and backend improvements to the Privileged Task Automation module, enhancing performance, usability, and the range of tasks that can be automated.
  • Added integration with VMware for automatic and regular import of virtual servers into Kron PAM, streamlining the process of adding and managing virtual assets.
  • Introduced a second confirmation step to prevent accidental deletion of Active Directory/LDAP servers, reducing the risk of inadvertent configuration changes that could disrupt access.
  • Added a second confirmation step to prevent accidental deletion of policy keys, ensuring critical security policies are not deleted unintentionally.
  • Implemented various UI/UX improvements, making the overall interface more intuitive and user-friendly.
  • Updated Kron PAM service names in the Monitoring menu, ensuring consistency and clarity in service identification.
  • Limited the System Information menu to authorized users only, providing an additional security layer to restrict sensitive information access.
  • Enabled reporting dashboards to be listed according to user authorization, ensuring users can only access relevant information based on their roles and permissions.
  • Enabled customization of the Kron PAM logo and login screen background images, allowing organizations to personalize the user interface according to their branding.
  • Improved CMDB device import functionality, enhancing the accuracy and efficiency of importing configuration management data.