Security Bulletin: IBM WebSphere MQ Explorer 8.0.0.0-8.0.0.2 does not protect credentials (CVE-2015-1967)

Print

WebSphere MQ: Security bulletin

Security Bulletin: IBM WebSphere MQ Explorer does not protect credentials (CVE-2015-1967)

IBM WebSphere MQ Explorer can be configured to send userid and password credentials to a remote queue manager for authentication. When compatibility mode is unchecked in MQ Explorer, the password should be sent in a protected form in the absence of any transport level security, such as TLS.

An error in the MQ Explorer implementation in IBM WebSphere MQ 8.0.0.2 and earlier maintenance always causes compatibility mode to be used and password credentials to be sent in cleartext.