MQAUSX Security Bulletin

Yesterday, it was discovered that MQAUSX has a security issue of a high priority. If your IniFile is using UseAuthOrder and AuthOrder keywords and if the any of the parameters of AuthOrder keyword are disabled then all incoming connections are allowed.
i.e.

UseAuthOrder = Y
AuthOrder = ldap files mqausx
UseLDAP = N

A fix is available for this bug. Please contact Capitalware Support immediately for the fix. For an interim fix, either disable UseAuthOrder or make sure none of the authentication components listed in AuthOrder are disabled.

Regards,
Roger Lacroix
Capitalware Inc.

This entry was posted in Capitalware, IBM i (OS/400), Linux, MQ Authenticate User Security Exit, Security, Unix, Windows, z/OS.

Comments are closed.