Automatic SSH not working in ERPM/RPM v4.83.5

Revision: 1.1
Date: March 05, 2013

Problem:

For targets managed via SSH/Telnet such as Linux and UNIX hosts, [Enterprise] Random Password Manager can set highly complex passwords that include upper case, lower case, numbers, and special characters (symbols). The problem in version 4.83.5 of ERPM/RPM is that when the special characters (symbols) are used in a password, the automatic SSH feature ceases to function.

The problem only affects release builds of ERPM/RPM v4.83.5.

Cause:

[Enterprise] Random Password Manager had undergone a red-team / blue-team penetration test, which discovered that we were not escaping all characters when leveraging this particular control. To remedy the situation, Lieberman Software escaped (encoded) the characters and sent them to the control. The problem in the release build is that the subsequent and required decoding was not occurring. The result is that automatic SSH sessions where special characters were used in the password did not work.
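The failure mode described above, shown as an added example that is not Lieberman Software's code: a value is encoded before being handed to a control, and the receiving side either skips or performs the decode. Percent-encoding and all function names here are assumptions, since the article does not state which encoding the product uses.

```javascript
// Added illustration. Percent-encoding is an ASSUMPTION standing in for the
// product's actual escaping scheme, which the article does not describe.

// Sender side: escape the password before handing it to the terminal control.
// Note: encodeURIComponent leaves A-Z a-z 0-9 - _ . ! ~ * ' ( ) untouched.
function encodeForControl(password) {
  return encodeURIComponent(password);
}

// Receiver side with the defect: the required decode step is missing,
// so the encoded text itself is used as the SSH password.
function receiveWithoutDecode(encoded) {
  return encoded;
}

// Receiver side with the decode step in place.
function receiveWithDecode(encoded) {
  return decodeURIComponent(encoded);
}

// True when the credential that reaches the SSH session equals the stored one.
function survivesRoundTrip(password, receiver) {
  return receiver(encodeForControl(password)) === password;
}

// Constructed sample passwords, not real credentials.
const SAMPLES = ["Tr0ub4dor3Xy", "p@ss w0rd#1", "a+b=c&d%e", "q/w\\e\"r<t>"];

// One result row per sample: does the login value match the stored password?
function report(receiver) {
  return SAMPLES.map((pw) => ({ password: pw, ok: survivesRoundTrip(pw, receiver) }));
}

console.log("missing decode:", report(receiveWithoutDecode));
console.log("with decode:   ", report(receiveWithDecode));
```

Only the alphanumeric sample survives the missing decode, which matches the symptom: passwords without symbols keep working while passwords with symbols fail.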

Resolution:

If you are affected by this bug, the recommended course of action is to download the fix, which replaces a single ASP file (Terminal.ASP). Replace this file in the website installation path, which is typically \inetpub\wwwroot\pwcweb, and choose to overwrite the existing file. Furthermore, you may also update the original source file (not necessary for website functionality) to avoid potential issues should you redeploy the website. The original file is found in the WebInterface sub-folder of the product's installation directory, which is typically %programfiles(x86)%\Lieberman\[RPM | Roulette].

If you do not want to update the file but still wish to use the automatic SSH feature in v4.83.5, then your password change jobs for SSH targets (non-Windows) should explicitly exclude special characters.

This issue is resolved for v4.83.5 by downloading the attached Terminal.ZIP file, extracting Terminal.ASP into \inetpub\wwwroot\pwcweb and choosing to overwrite the existing file.

This issue will be resolved in all builds released after v4.83.5.

Applies To:
Enterprise Random Password Manager (ERPM)
Random Password Manager (RPM)
