Weak Authentication Scheme in Candlepin: Unspecified Impact and Attack Vectors

Weak Authentication Scheme in Candlepin: Unspecified Impact and Attack Vectors

CVE-2013-6439 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors.

Learn more about our Cyber Security Assurance Subscription.