Version 2024.3.7.0 (November 4, 2024)
If you use a client (RDM, PowerShell, etc.), version 2024.3 is required for this DVLS version
FIXES
- SECURITY FIX CVE-2024-10971 Core - Fixed an issue where some reports could be viewed without the required permissions
- SECURITY FIX CVE-2024-12148 Core - Fixed an issue where the current password for an entry could be viewed through the password history
- Core - Fixed an error that occurred when using an AnyIdentity with a gateway while the user had no gateway license
- Core - Fixed an issue when renaming an entry from the context menu in the Vault tree
- Core - Fixed an issue where multiple errors were shown in the log when connecting with a domain
- Core - Fixed an issue with the User Vault after a SQL migration
- PAM - Fixed an issue when moving a PAM folder to another vault
- PAM - Fixed an issue when saving password templates in the PAM vault
- PAM - Fixed an issue where the OTP was not displayed on the PAM entry overview
## CONSOLE RELEASE NOTES ##
IMPROVEMENTS
- Minor updates
Érica Poirier
All Comments (4)
CVE-2024-10971Core - Fixed an issue where the current password for an entry could be viewed through the password history
This upgrade broken our users ability to connect to clients sites again. They are unable to connect to a customer using credentials because they do not have the 'view credentials' permission. We need our staff to connect to sites with passwords without being able to view what the password is.
Refer support case 00064640.
Hello,
I'm sorry to hear that. I understand your concern, your users need to be able to open sessions without viewing the password. It is an important issue on our side. We are investigating this issue and will keep you posted as soon as we have an update.
Sorry for the inconvenience.
Best regards,
François Dubois
Hi sjames,
A fix has been released internally and will be available by the end of the week in the next 2024.3 release.
Best regards,
Benoît Sansregret
Brilliant - thanks