BeyondInsight and Password Safe 22.2.2 Release Notes
July 26, 2022
Issues Resolved:
Resolved permission issue in TeamPasswords.
Resolved authentication issue in which the RADIUS fallback server was not respected.
Resolved database upgrade failure for some customers who have mapped Azure AD users.
Resolved issue in which the user interface allowed Azure AD users to attempt to change their password.
Resolved Azure AD authentication issue related to PRA / Password Safe integration.
Resolved SCIM connector issue in which the /GET containers endpoint was returning a 500 error.
Known Issues:
When using the ps_automate session utility and configured to use the Firefox browser to a website using a self-signed certificate and the IgnoreCerts flag, the login is successful but the webpage does not respond. Workarounds: use a different browser, use a valid (not self-signed) certificate, after login click shift-refresh and manually accept the browser security warning for the session, or add the necessary steps to the automate configuration file to accept the warning prompt.
When creating a new password policy or DSS key policy, an unnecessary success toast message displays: Changes have been discarded. This notification can be ignored.
When modifying a Set attributes on account Smart Rule action, if you change the attribute type from one, which is a numeric name (i.e. 1) to a different attribute type, an error will occur: Key type must be int for this method of adding items. Workaround: delete the Set Attributes action and recreate.
In a FIPS-enabled environment, attempting an RDP Admin Session will be unsuccessful and an error message shown. Workaround: use a standard managed RDP session if possible.
In rare cases, if the time zone of the scanner has changed, a scheduled scan may not start at the scheduled time. Workaround: The scan will run at the next scheduled time.
If forms login is disabled for a user when another login method is not setup, that user cannot login. Workaround: ensure that another login method is setup before setting Disable Forms Login to yes globally or for any user.
Upgrading after installing BeyondInsight to a location other than the default displays an error message. Workaround: if you manually upgrade, select the alternate install folder during the upgrade.
Scan Data Users grid may incorrectly display Password Expired for some accounts. Workaround: log in with the affected user, or force them to change/set the password.
Analytics and Reporting: The Retina Product Usage Details by Organization report may not show any results in environments that do not have Retina scanners. Workaround: none, this report is no longer valid and will be removed in an upcoming release.
Scan Data User Details shows the user Description in the Full Name field, and may show a blank description. Workaround: none, this is informational and does not have any impact on the onboarding of the user.
In rare cases, installing BeyondInsight 22.2 on a U-Series Appliance may crash due to BIAdmin service not starting. Workaround: delete all JSON files from the BIAdmin directory, then repair the BeyondInsight installation from Programs and Features.
Configure HSM Credentials utility may crash when testing a new HSM Credential if you don't fill in the Key Name field. Workaround: be sure to fill in all the fields before testing the credential.
Deleting a user that has an active Password Safe Request or related SSH Session will not succeed, and the error message is vague. Workaround: none, this is expected behavior. The error message may be improved in an upcoming release.
The first attempt to edit a BeyondInsight user from the User Details Edit form results in a form validation error on fields that were not changed. Workaround: discard the changes and try again, or edit the user from the grid row action.
Analytics and Reporting: changes to saved views or snapshots do not reflect right away in the list. Workaround: refresh the page to see the changes.
In the Configure HSM Credentials utility, selecting the Hardware Security Module User Guide from the Help menu displays an error. Workaround: this documentation is now avaiable online on the BeyondTrust documentation site.
The No Enumerations Selected banner may not display in the Scan Wizard if the Unlimited Users box is unchecked. Workaround: ensure you select the enumeration options needed for the scan.
The Scan Data Ports grid shows a limited number of ports, with fewer details. Workaround: none; this is informational. The new BeyondTrust Discovery Agent does not perform protocol detection and returns only the standard database and remote access ports here.
Naming a scan with a name belonging to a previously deleted scan appends a counter to the end of the scan name. Workaround: the deleted scan still exists behind the scenes and the name cannot be reused. Give your scan a new name.
Using a low/least privilege user as proxy during Analytics and Reporting configuration may lead to this user not being able to download the Analytics and Reporting log files. Workaround: add this user to the msdb.dbo table so they can download the logs.
It is possible to create multiple SAML providers with the same name. Workaround: none; this is not an issue because name is not the unique identifier. If the user finds it confusing, they can edit the names to be unique.
If a credential description begins with text matching the name of the scan it is used in, the scan is displayed as though an ad-hoc credential was used. Workaround: edit the credential description to be something other than the scan name.
Analytics and Reporting: pivot grid chart may display blank if the data was recently pivoted. Workaround: expand the data after pivoting, or remove/re-add the chart.
System Event Viewer may display errors with sources of SideBySide or AppBus. Workaround: none; this is informational. The errors do not cause any system issues and will be cleaned up in a future release.
If the Endpoint Privilege Management plugin is configured but the corresponding MSI is not installed, the Event Service log may contain error messages such as System.Net.Http.HttpRequestException. Workaround: be sure that the MSI is installed and complete the plugin configuration to use this feature.
IIS App Pool users may be displayed in the Scan Data Users grid if those accounts have logged into the scanned asset. Workaround: none; this is expected behavior.
Some long field names from BeyondInsight password policy changes or directory credential changes might be truncated in the User Audit Details view. Workaround: none; this is informational. Some field names can be inferred from the parts that are visible before they are truncated.
Notes:
Direct upgrades to 22.2.2 are supported from BeyondInsight versions 7.0 or later.