This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can obtain passwords used by IBM WebSphere MQ, in
order to access to privileged features.

Impacted products : WebSphere MQ

Severity : 2/4

Creation date : 14/10/2014

DESCRIPTION OF THE VULNERABILITY

The IBM WebSphere MQ product uses preconfigured passwords.

However, these passwords are displayed in clear text by :
– WebSphere MQ classes for Java libraries
– WebSphere MQ Explorer

An attacker can therefore obtain passwords used by IBM WebSphere
MQ, in order to access to privileged features.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/IBM-WebSphere-MQ-preconfigured-passwords-disclosure-15467