Vigil@nce - IBM WebSphere MQ : preconfigured passwords disclosure
octobre 2014 par Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can obtain passwords used by IBM WebSphere MQ, in
order to access to privileged features.
Impacted products : WebSphere MQ
Severity : 2/4
Creation date : 14/10/2014
DESCRIPTION OF THE VULNERABILITY
The IBM WebSphere MQ product uses preconfigured passwords.
However, these passwords are displayed in clear text by :
– WebSphere MQ classes for Java libraries
– WebSphere MQ Explorer
An attacker can therefore obtain passwords used by IBM WebSphere
MQ, in order to access to privileged features.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IBM-WebSphere-MQ-preconfigured-passwords-disclosure-15467