Red Hat · Candlepin · CVE-2013-6439
**Name of the Vulnerable Software and Affected Versions**
Red Hat Subscription Asset Manager versions 1.0 through 1.3
**Description**
Candlepin in Red Hat Subscription Asset Manager uses a weak authentication scheme when the configuration file does not specify a scheme. The impact and attack vectors are unspecified.
**Recommendations**
For versions 1.0 through 1.3, consider specifying a secure authentication scheme in the configuration file, so that Candlepin does not fall back to the weak scheme, to mitigate the risk of exploitation. As a temporary workaround, review and strengthen the authentication configuration to minimize potential vulnerabilities.