Properties Weak Cipher Suite
Description
Detects the use of weak or insecure cipher suites in IBM MQ configurations within Java properties files. Configuring a vulnerable cipher suite results in weak encryption, potentially allowing attackers to decrypt sensitive communications or perform man-in-the-middle attacks.
Detection Strategy
• Check for 'ibm.mq.cipher.suite' property in Java properties files
• Verify if the configured cipher suite value matches known vulnerable IANA cipher suites
• Verify if the configured cipher suite value matches known vulnerable OpenSSL cipher suites
• Report a vulnerability if the cipher suite is identified as weak or insecure
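The detection steps above, sketched as an added example (not Fluid Attacks' scanner code). The weak-suite policy is an assumed token heuristic, not the rule's actual IANA/OpenSSL lists, and `weaknesses`, `scan_properties` and the sample input are constructed for illustration.

```python
import re

KEY = "ibm.mq.cipher.suite"  # property named in the detection strategy
# Assumed policy for this sketch (not the scanner's real list):
# reason -> name tokens, covering IANA and OpenSSL spellings.
WEAK = {
    "no encryption": {"NULL"},
    "export-grade keys": {"EXPORT", "EXP"},
    "unauthenticated key exchange": {"ANON", "ADH", "AECDH"},
    "RC4 stream cipher": {"RC4"},
    "DES or 3DES (64-bit block)": {"DES", "DES40", "3DES", "CBC3"},
    "MD5 MAC": {"MD5"},
}
AEAD, EPHEMERAL = {"GCM", "CCM", "CHACHA20"}, {"ECDHE", "DHE"}
# Constructed sample: the page's weak suite in IANA and OpenSSL spelling.
SAMPLE = """\
ibm.mq.use_ssl=true
ibm.mq.cipher.suite=TLS_RSA_WITH_AES_128_CBC_SHA256
ibm.mq.cipher.suite = AES128-SHA256
"""


def weaknesses(suite):
    """Return the reasons a suite name counts as weak (empty list if none)."""
    name = suite.strip().upper()
    tokens = set(re.split(r"[_-]", name))
    reasons = [why for why, marks in WEAK.items() if marks & tokens]
    if not tokens & AEAD:
        reasons.append("no AEAD mode (CBC or stream cipher)")
    # TLS 1.3 names (TLS_AES_128_GCM_SHA256) carry no key exchange field.
    tls13 = name.startswith("TLS_") and "WITH" not in tokens
    if not tls13 and not tokens & EPHEMERAL:
        reasons.append("key exchange is not ECDHE or DHE")
    return reasons


def scan_properties(text):
    """Return (line number, suite, reasons) for every weak KEY entry."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        # Comment lines ('#', '!') never parse to KEY; continuations not handled.
        m = re.match(r"\s*([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m and m.group(1) == KEY and weaknesses(m.group(2)):
            findings.append((number, m.group(2), weaknesses(m.group(2))))
    return findings


if __name__ == "__main__":
    print(scan_properties(SAMPLE))
```

Classifying by name tokens lets one check cover both spellings of the same suite, so `AES128-SHA256` is reported for the same reasons as `TLS_RSA_WITH_AES_128_CBC_SHA256`.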
Vulnerable code example
# IBM MQ configuration with insecure SSL settings
# Disabling SSL protection for MQ connections (vulnerable)
ibm.mq.use_ssl=false
# Using weak/deprecated cipher suites (vulnerable)
ibm.mq.cipher.suite=TLS_RSA_WITH_AES_128_CBC_SHA256
...
✅ Secure code example
# IBM MQ configuration with secure SSL/TLS settings
# Enable SSL/TLS protection for MQ connections (always enable in production)
ibm.mq.use_ssl=true
# Use strong TLS protocol version
ibm.mq.ssl.protocol=TLSv1.2
...