Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors.Referenceshttps://bugzilla.redhat.com/show_bug.cgi?id=1042677http://rhn.redhat.com/errata/RHSA-2013-1863.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/90134
