Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
Red Hat
Authentication Bypass
Subscription Asset Manager
NVD
CVSS 2.0
9.3
EPSS
0.4%