Vigil@nce - WebSphere AS: Man-in-the-Middle of FIPS 140-2
June 2016 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can act as a Man-in-the-Middle when FIPS 140-2 is
configured on IBM WebSphere AS, in order to read or write data in
the session.
– Impacted products: WebSphere AS.
– Severity: 2/4.
– Creation date: 11/04/2016.
DESCRIPTION OF THE VULNERABILITY
The IBM WebSphere AS product uses the TLS protocol to create
secure sessions.
It can be configured to support the FIPS 140-2 standard. However,
in this case, the TLS configuration is weak.
An attacker can therefore act as a Man-in-the-Middle when FIPS
140-2 is configured on IBM WebSphere AS, in order to read or write
data in the session.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/WebSphere-AS-Man-in-the-Middle-of-FIPS-140-2-19339