Kaseya Spring Release: vPenTest

This page details each vPenTest release launched during the Kaseya Spring release.

Enhancements and Fixes

Subscription IP Renewal

  • Resolved an issue that prevented subscription IPs from resetting properly each month.

Grey Box Internal Pentesting Enhancements

Added validation checks to the Assessment Scheduling Wizard for the Domain and Username fields:

Domain

  • Must contain only letters, digits, and hyphens.

  • Cannot contain invalid sequences like '-.' '.-' or '..'.

  • Cannot start or end with a period.

  • onmicrosoft.com is not allowed—please use a domain similar to the target environment.

Username

  • May not contain special characters such as " [ ] : ; | = + * ? < > / \ , @.

VulScan Integration

  • Resolved an issue that prevented partners from mapping a VulScan organization to a vPenTest company.

  • Previously, users received an error message: "Contract start date cannot be blank. Contract end date cannot be blank."

  • This issue only affected partners on IP Pool licensing who were converted from a trial account to a paid account.

UI Fixes

Fixed the alignment of icons on the Summary page of the Scheduling Wizard for a consistent, polished look. All icons are now top-aligned with the text.

Enhancements and Fixes

Fixes for Partners on IP Pool Subscription Model

  • Resolved an issue where the Assigned IPs table in the IP Pool dashboard appeared blank, even when the partner had used IPs.

  • Fixed a bug where Prospect tests were incorrectly deducting IPs from the partner’s IP Pool subscription.

  • Restored all IPs that were wrongly deducted and ensured that Prospect tests no longer impact a partner’s IP allocation.

Fix for Missing Fields in Scan Custom ports feature

  • When Basic Settings is enabled from the Global Options page, selecting Scan custom ports in the Assessment Scheduling Wizard now correctly displays the two previously missing fields, restoring expected functionality.

Fixed Validation Issue for Grey Box Credentials

  • Resolved an issue where users were incorrectly required to provide Grey Box pentesting credentials even when the option was disabled, preventing them from scheduling a regular external or internal pentest in the Scheduling Assessment Wizard.

New Killer Feature: Grey Box Network Pentesting

Most cyberattacks start with compromised credentials, making it essential to understand how an attacker with limited access could escalate privileges or move through your network. This killer feature tests how much damage an attacker could do with a stolen login (e.g. Microsoft Active Directory or local accounts). It helps organizations:

  • Find weak spots where bad hackers could gain more access.

  • Identify over-permissioned accounts that expose sensitive data.

  • Prevent attackers from spreading across the network.

How it Works

  1. Prerequisites

    • The Advanced Settings option must be enabled.

    • The assessment type must be set to internal.

    • Greybox pentesting is not available for external assessments.

  2. Enabling Grey Box Pentesting

    • Navigate to Scheduled Assessment Wizard > Settings Step > Advanced Settings and toggle Grey Box Pentesting on.

  3. Providing Credentials

    • Enter Microsoft AD or local credentials, which are fully encrypted and permanently masked after input.

  4. During the Pentest

    • vPenTest will attempt to authenticate using the provided credentials.

    • If valid, these credentials will be prioritized for deeper post-exploitation analysis, with findings reflected in the final report.

View our support article to learn more.

Enhancements and Fixes

  • Updated app hyperlinks to open in a new window for a smoother browsing experience.

  • Resolved an issue causing subscriptions IPs not to reset properly

  • Fixed a Javascript issue that caused the Advanced Settings option to disappear when switching between the assessment types in Step 1 of the Assessment Scheduling Wizard.

Enhancements and Fixes

Improved User Experience for Partner-Managed Settings

  • Since company users under an MSP partner cannot enable/disable Basic and Advanced Settings, we removed these options from their profile dropdown menu for a more seamless experience.

  • These options are exclusively managed by the MSP partner.

"Remember Me" Feature Restored

  • The Remember Me option is back in the main login flow, making it easier to stay signed in.

Reports

  • Resolved an issue where a strange "Â" character appeared before the copyright "©" symbol in technical reports.

Updated Help Article Links

  • Fixed several broken help article links across the platform to ensure users can easily access relevant support resources.

February 24, 2025

Enhancements and Fixes

  • KaseyaOne App Launcher: Fixed an issue where the app launcher would disappear when switching tabs in the left sidebar.

  • Improved 2FA Experience: Updated the UI on the 2FA verification step for a more user-friendly login process.

Enhancements and Fixes

Trials

  • Resolved an issue where trial customers incorrectly received "Insufficient IPs" email notifications.

VulScan Integration

  • Fixed an API issue preventing VulScan integration from working for MME customers.

Assessment Dashboard

  • Fixed a display issue where Pause Assessment and Cancel Assessment buttons appeared on completed assessments.

Email Notifications

  • Resolved an issue where company users were receiving email notifications they had not subscribed to.

UI Enhancements

  • Improved the Main Login Page with UI enhancements to buttons and toaster messages for a more consistent user experience.

Enhancements and Fixes

NEW UI for Main Login

  • Updated the login page to align with Kaseya’s common look and feel, providing a more unified and seamless user experience.

Our new login screen now looks like this:

Our old login:

Scheduling

  • Fixed an issue where the IP inclusion/exclusion text box didn’t allow spaces.

  • Resolved an issue where external pentests incorrectly allowed Internal IPs and deducted the wrong number of IPs from a partner’s subscription.

  • Improved the error message in the scheduling wizard for external pentests to clearly display domain URLs with issues instead of a generic formatting error.

Agents Page

  • Improved sorting in the Agent tab for Company Users—now all columns can be sorted properly for easier data management.

White-Labeling

  • Resolved an issue where invite email for company member of new partner created has report logo instead of partner logo

Enhancements and Fixes

KaseyaOne Unified Login

  • Removed user emails from the exclusion list if they are deleted in KaseyaOne, ensuring cleaner account management.

Assessments

  • Fixed an issue where schedules with multiple dates appeared as duplicates in the Calendar tab.

UI Enhancements

  • Adjusted padding between tabs in the Announcements section for better readability.

  • Vertically aligned forms on the partner and user onboarding pages for a more polished appearance.

  • Standardized dropdown menus in the Profile header for a consistent user experience.

Enhancement

CREST Certified Pentest feature expanded to include Australasia region

We're excited to share that Vonahi Security is now a CREST member company in both EMEA and Australasia. Partners and customers now have an option to select a CREST-certified network penetration test when scheduling assessments for any company in EMEA and Australasia.

How it Works

  • The Company's time zone must be in EMEA or Australasia region for this option to show in the Scheduling Wizard

  • If this option is enabled, all reports will have the CREST logo on the cover

  • Learn more and see screenshots.

Fix

Assessments

  • Addressed an issue where the Pending Delete label appeared after pausing an assessment, while the Update Allowed Scanning Times button was hidden, preventing users from updating testing hours for running assessments.

Enhancements and Fixes

Assessments

  • Fixed an issue preventing companies without an assigned industry value from running assessments.

  • Resolved a bug where the Host Discovery table sorting functionality in the Assessment Dashboard was not working as intended.

UI Enhancement

  • Fixed a misalignment issue with the Call-to-Action (CTA) button and dropdown in the Agent Card on the Company Member Dashboard for a more polished user interface.

Enhancements and Fixes

General

  • Country Code Display: Fixed an issue where the last digit of the country code was appended at the beginning of the office number in the edit user screen upon first launch.

  • Dropdown Accessibility: Fixed an issue on the Users tab, where the dropdown arrow to show more entries per page was not clickable

  • Email Search: Fixed a bug where searching by email on the Users list tab did not work for emails containing "_", "+" symbols.

  • IP Address Sorting: Updated IP address sorting to sort correctly by each octet rather than just the last digit.

  • Updating an Assessment: Fixed a backend syncing issue where editing assessments updated the frontend but failed to save, preventing scheduled assessments from starting.

MSP Partner Onboarding

  • Domain Validation: Resolved a URL domain validation issue in the Partner Onboarding form, enabling proper validation for domain names with multiple segments separated by dots.

  • Password Validation: Enhanced the Partner Onboarding registration form to accept all non-alphanumeric characters as valid in the password field.

MMEs

  • Company Members Search: Fixed an issue where the text search functionality in the Company Members tab was non-functional.

  • Agent Sorting: Resolved sorting issues on the List of Agents tab in the Company Profile page, ensuring accurate column sorting.

UI Enhancement

  • Updated the overall UI for the User Onboarding registration form, making it more consistent with Kaseya's IT Complete platform for a more unified platform experience.