Skip to content

BeyondTrust Password Safe Key

Service Name: BeyondTrust Password Safe

Service Description: BeyondTrust Password Safe is a privileged access management solution that secures and manages privileged credentials, providing automated password and session management to protect critical systems and sensitive data.

Service Address: https://www.beyondtrust.com/password-safe

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the platform level through BeyondTrust's access policies.

Secret Access Scope: Grants API access to the BeyondTrust Password Safe platform, allowing for automated password retrieval, session management, and administrative operations.

Secret Revokement URL: https://www.beyondtrust.com/docs/password-safe/documents/api/index.htm

Secret Example: 3f4d55a8e4b025230071c584a7e32862f6c41a12c2b5d7264d974fb3de6b8741

Suspicious Activity Investigation Instructions:

  • Review the Password Safe audit logs for unusual credential retrievals or API calls.
  • Check for access attempts outside of normal business hours or from unusual locations.
  • Monitor for mass credential retrievals or unusual session activity patterns.
  • Examine API usage patterns for automated scripts or tools that may be misusing the API key.
  • Review user activity reports to identify potential unauthorized access.

Mitigation Instructions:

  • Log into the BeyondTrust Password Safe administrative console.
  • Navigate to the API Registration section.
  • Locate and delete the compromised API key.
  • Generate a new API key with appropriate permissions.
  • Update all legitimate applications and services with the new API key.
  • Implement IP restrictions for API access if not already in place.
  • Consider implementing additional authentication factors for API access.
  • Review and adjust API access permissions to follow the principle of least privilege.