hashicorp vault
4 Topics
SSH Key Target Authentication: HashiCorp Vault

Summary
Tenable is announcing the release of updated credential-fetching functionality in our HashiCorp Vault Integration. We have updated this integration to retrieve an SSH key for target authentication. This will expand functionality and usability for our customers’ use cases.

Scope
When using HashiCorp, customers can now retrieve an SSH key stored as a secret in their HashiCorp Vault. The customer can specify the SSH key using the same “Password Key” field in the User Interface. Previously this would only work for password authentication. Additionally, passphrase-protected SSH keys can be used with the appropriate “Password Key” and “Passphrase Key” specified.

Impact
There is no impact to existing scans. In Nessus and Tenable VM, a new Passphrase Key field will be present in credentials using HashiCorp Vault for SSH scans. Security Center will get the same field at a later date. If users encounter issues, please open a ticket with Technical Support.

Release Date
November 15th, 2024 - TVM, Nessus; TBD for Security Center.
HashiCorp Vault LDAP Secrets Engine Authentication

Summary
Tenable has added the ability to authenticate using HashiCorp Vault and the LDAP secrets engine.

Change
The “Vault Type” drop-down menu, which previously contained KV1, KV2 and AD, has been extended to include a fourth option, LDAP. The LDAP secrets engine works similarly to the AD engine. The AD engine has been deprecated by HashiCorp and customers can use the LDAP engine as a replacement. See the following screenshot for an example of Windows credential configuration within Nessus:

Release
Immediate for Nessus and VM, TBD for SC.
HashiCorp Vault Integration Privilege Escalation Support Added

Summary
SSH privilege escalation has been added to the HashiCorp Vault Privileged Access Management (PAM) integration. When configuring SSH credentials using the HashiCorp Vault integration, customers can now choose one of the following privilege escalation methods: sudo, su+sudo, su, .k5login, Cisco ‘enable’, dzdo, pbrun. Customers may specify the name of a secret in HashiCorp Vault containing the privilege escalation password, if it differs from the login password.

Change
New UI elements have been added when authenticating using HashiCorp Vault under “Elevate privileges with”.

Impact
Nothing should change with your current configuration. The new escalation methods can be used when configured.

Release Date
5/23/2023 for IO and Nessus
HashiCorp Vault Kerberos Authentication Support

Summary
Kerberos is an authentication method commonly used in large networks to authenticate to systems. Support for this method of authentication has been added for our HashiCorp Vault Windows and HashiCorp Vault SSH based authentication mechanisms.

Change
A new UI element has been added when authenticating using HashiCorp Vault; examples are in the screenshots below.

[Screenshots: HashiCorp Vault Kerberos Windows Off; HashiCorp Vault Kerberos Windows On; HashiCorp Vault Kerberos SSH Off; HashiCorp Vault Kerberos SSH On]

Impact
The new authentication method can be used for authentication when configured. Nothing should change with your current configuration.

Release Date
4/3/2023 for IO and Nessus