Описание
Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Satellite 6 | candlepin | Not affected | ||
| Red Hat Subscription Asset Manager 1.3 | candlepin | Fixed | RHSA-2013:1863 | 19.12.2013 |
Показывать по
10
Дополнительная информация
Статус:
Important
Дефект:
CWE-807->CWE-290
https://bugzilla.redhat.com/show_bug.cgi?id=1042677candlepin: insecure authentication enabled by default
9 Critical
CVSS2
Связанные уязвимости
nvd
около 12 лет назад
Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors.
github
больше 3 лет назад
Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors.
9 Critical
CVSS2