Red Hat Bugzilla – Bug 452461
CVE-2008-2369 RHN Satellite: information disclosure via manzier.pxt RPC script
Last modified: 2011-08-24 04:19:05 EDT
It was discovered that Red Hat Network Satellite used authentication based on a
single key hard-coded in the source code in the XML-RPC script manzier.pxt.
Remote attacker able to connect to Satellite could use this to obtain some
information about RHN Satellite users (such as login names, associated email
addresses, internal user IDs, partial information about entitlements).
This issue was corrected in RHN Satellite 5.1:
There's no plan to address this in RHN Satellite 5.0 and earlier.