REDHAT-BUG-1042677
First published: Fri Dec 13 2013(Updated: )
Devan Goodwin <dgoodwin> reports: We have identified a fairly serious security issue in previous, or upgraded versions of Subscription Asset Manager (SAM). The issue was caused by an extremely insecure authentication mode in the candlepin project, which was mistakenly enabled by default if no setting was specified in the config file.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Subscription Asset Manager | ||
| Red Hat Candlepin |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-1042677?
The severity of REDHAT-BUG-1042677 is considered fairly serious due to the insecure authentication mode.
How do I fix REDHAT-BUG-1042677?
To fix REDHAT-BUG-1042677, you should disable the insecure authentication mode in Subscription Asset Manager.
Which versions are affected by REDHAT-BUG-1042677?
All previous or upgraded versions of Red Hat Subscription Asset Manager and Red Hat Candlepin may be affected by REDHAT-BUG-1042677.
What causes the vulnerability REDHAT-BUG-1042677?
The vulnerability REDHAT-BUG-1042677 is caused by an insecure authentication mode that was mistakenly enabled by default.
Who reported the vulnerability REDHAT-BUG-1042677?
The vulnerability REDHAT-BUG-1042677 was reported by Devan Goodwin.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-6439
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/red hat
- canonical/red hat subscription asset manager
- canonical/red hat candlepin