Devan Goodwin <dgoodwin> reports: We have identified a fairly serious security issue in previous or upgraded versions of Subscription Asset Manager (SAM). The issue was caused by an extremely insecure authentication mode in the candlepin project, which was mistakenly enabled by default if no setting was specified in the config file.
Acknowledgment: This issue was discovered by Adrian Likins of Red Hat.
This issue has been addressed in the following products:
Red Hat Subscription Asset Manager 1.3, via RHSA-2013:1863 https://rhn.redhat.com/errata/RHSA-2013-1863.html