Password Disclosure
Hitachi ID Privileged Password Manager controls access by users and programs to privileged accounts on systems and applications. It does this by randomizing the passwords of managed accounts and disclosing the current value to an authorized user or program only when it is needed. Displaying a password value on screen is not the recommended form of disclosure, however; the alternatives are:
- IT staff can directly launch Terminal Services (RDP), SSH (PuTTY) and other connections to target systems from the Privileged Password Manager web user interface, without displaying a password value.
- IT staff can use an ActiveX control embedded in the Privileged Password Manager web UI to place a copy of a sensitive password into their OS clipboard, again without displaying the password. The value is automatically cleared from the clipboard after a few seconds. (The timed clear limits exposure but does not eliminate it: while the value is on the clipboard, any process running in the user's session can read it.)
- Privileged Password Manager can temporarily add a recipient's Active Directory domain account to a local security group on the target system and remove it again when the access period ends. This grants the needed rights without disclosing a password at all, not even to a software agent on the recipient's workstation.
- Where password display is unavoidable (e.g., the target system is currently offline, so no session can be launched to it), JavaScript in the Privileged Password Manager web UI removes the value from the screen after a few seconds. This is a usability safeguard against shoulder-surfing and unattended screens rather than a guarantee: once displayed, the value has been disclosed and should be randomized when the check-out ends.
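The temporary group membership mechanism in the list above, shown as an added example written for this page; it is not Hitachi ID code and does not use the product's API. It assumes a Windows target with the Microsoft.PowerShell.LocalAccounts module (Windows 10 / Server 2016 and later), a session that already holds local administrator rights on that target, and a hypothetical domain account 'CORP\jdoe'. The point it adds to the text is the bookkeeping a check-out needs: do not revoke a standing membership that existed before the grant, always revoke on exit even if the work fails, and verify that revocation actually took effect.

```powershell
# Added example, not product code: just-in-time membership in a local security
# group on a Windows target, the disclosure mechanism described above.
# Requires the Microsoft.PowerShell.LocalAccounts module and local admin rights.

function Grant-TemporaryLocalGroupMembership {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Member,   # e.g. 'CORP\jdoe' (hypothetical account)
        [Parameter(Mandatory)] [string] $Group,    # e.g. 'Administrators'
        [Parameter(Mandatory)] [int]    $Minutes,  # length of the check-out window
        [scriptblock] $Work                        # optional: work to run while access is held
    )

    # Record whether the account was already a member so that a standing
    # entitlement is not silently revoked when the check-out ends.
    $existing = Get-LocalGroupMember -Group $Group -ErrorAction Stop |
        Where-Object { $_.Name -ieq $Member }
    if ($existing) {
        Write-Warning "$Member is already a member of $Group; nothing to grant or revoke."
        return
    }

    Add-LocalGroupMember -Group $Group -Member $Member -ErrorAction Stop
    Write-Verbose "Granted $Member membership in $Group for $Minutes minute(s)."

    try {
        if ($Work) {
            & $Work
        } else {
            Start-Sleep -Seconds ($Minutes * 60)
        }
    }
    finally {
        # Revoke on normal completion and on error alike.
        Remove-LocalGroupMember -Group $Group -Member $Member -ErrorAction Stop

        # Verify the revocation: the account must no longer appear in the group.
        $still = Get-LocalGroupMember -Group $Group |
            Where-Object { $_.Name -ieq $Member }
        if ($still) {
            throw "Revocation of $Member from $Group failed; membership is still present."
        }
        Write-Verbose "Revoked $Member from $Group."
    }
}

# Usage (hypothetical account and a 30-minute window):
# Grant-TemporaryLocalGroupMembership -Member 'CORP\jdoe' -Group 'Administrators' -Minutes 30 -Verbose
```

In a real deployment the grant and the revocation are separate events driven by the password manager's check-out and check-in (or a timeout), not a single blocking script; the try/finally here stands in for that so the example is complete on its own. Note also that membership changes take effect for new logon sessions: a session the recipient already holds keeps its existing token until they log on again.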
A policy defined for each group of resources in Privileged Password Manager determines which of these disclosure mechanisms is available to each group of users. For example, password display may be allowed for Windows workstations, which are often unreachable over the network (e.g., an offline laptop), while Windows servers may be restricted to RDP sessions launched from the web UI, so the password value is never revealed to the user.