It was discovered that Red Hat Certificate System uses insecure default file permissions on configuration files (such as password.conf) that may contain authentication credentials or other sensitive information that should only be accessible to administrative and service users. This problem allows any local user to read Red Hat Certificate System configuration files.
Lifting embargo.
This issue was addressed in:

Red Hat Certificate System:
  http://rhn.redhat.com/errata/RHSA-2009-0006.html
  http://rhn.redhat.com/errata/RHSA-2009-0007.html
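
A check for the condition described in this report, as an added example that is not part of the original bug or the vendor's fix: it lists configuration files under a directory that grant any permission bit to "other", and can strip those bits. The function names, the `*.conf`/`*.cfg` name patterns and the directory passed in are assumptions; point it at the actual instance configuration directory.

```shell
#!/bin/sh
# Added example (not vendor code): audit configuration files for access
# granted to users outside the owner and group.
# Assumption: sensitive files match *.conf or *.cfg (e.g. password.conf);
# adjust the patterns to the deployment being checked.

# Print, sorted, every matching regular file under $1 that has any of the
# "other" read/write/execute bits set. Uses only POSIX find predicates.
list_exposed_configs() {
    find "$1" -type f \( -name '*.conf' -o -name '*.cfg' \) \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Remove all "other" permission bits from each exposed file and report it.
# Owner and group bits are left untouched so the service user keeps access.
restrict_exposed_configs() {
    list_exposed_configs "$1" | while IFS= read -r f; do
        chmod o-rwx "$f" && printf 'restricted %s\n' "$f"
    done
}

# Stand-alone use: ./audit.sh <config-dir>
# Lists exposed files and exits 1 if any are found, 0 otherwise.
if [ "$#" -gt 0 ]; then
    exposed=$(list_exposed_configs "$1")
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed"
        exit 1
    fi
fi
```

The audit is read-only; `restrict_exposed_configs` is the only function that changes modes, and it should be run as the file owner or root after reviewing the listed paths.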