Devan Goodwin

**Name of the Vulnerable Software and Affected Versions** Red Hat Subscription Asset Manager versions 1.0 through 1.3 **Description** The issue concerns a weak authentication scheme used by Candlepin in Red Hat Subscription Asset Manager when the configuration file does not specify a scheme. This has an unspecified impact and attack vectors. **Recommendations** For versions 1.0 through 1.3, consider specifying a secure authentication scheme in the configuration file to mitigate the risk of exploitation. As a temporary workaround, review and strengthen the authentication configuration to minimize potential vulnerabilities.