It was found that the yum-rhn-plugin caches sensitive authentication information in the world-readable /var/spool/up2date/loginAuth.pkl file. This information could be used to download packages from Red Hat Network (Hosted or Satellite) or otherwise manipulate the package list associated with the system's profile, which could possibly prevent new errata from being installed.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0449 https://rhn.redhat.com/errata/RHSA-2010-0449.html
Created rhn-client-tools tracking bugs for this issue Affects: fedora-all [bug 598642]
This was corrected in Fedora 14: * Thu Apr 29 2010 Miroslav Suchý <msuchy> 1.1.2-1 - 585386 - do not fail if file do not exist