Skip to main content

We are facing a common challenge in password vaulting systems where the password age isn't directly tracked, and the password hash changes even when unrelated attributes are modified. This makes it difficult to determine when the password was last changed.

Problem Summary

  • No dedicated timestamp for password change.
  • Password hash changes even when non-password attributes are modified.
  • You need to detect passwords older than 2 years to raise a security finding.

 

How to solve this in secret safe?

Hi ​@bpkothari , 

Generally, the Password Hash should not change unless the file/secret itself has changed. Can you please provide more details on what type of secret did you see this happen and what attributes were modified that affected the hash? 

Here are some additional details on Secrets Safe Hash - BeyondInsight / Password Safe - How to upload a file or view the HASH of a file in Secrets Safe - Store keys, certificates, and tokens in Secrets Safe 

There is a timestamp located at the bottom of the ‘view details’ page of all secrets that shows the Date Created and Date Modified for the secret. However, it does not currently supports the password history or the password age functionality. 

There is an open feature request for it on our Ideas Portal - T2PSM-I-2439 - Add versioning and history on secret safe secrets in vault. We encourage you to add your votes to this Idea so our product team can prioritize this in our future releases.

Aging Secrets Detection would be a great new feature to request via our Ideas Portal as well - Ideas.beyondtrust.com | BeyondTrust

Please let me know if you have any questions. 

Thank you! 

 


Reply