A flaw was found in the way Red Hat Network (RHN) Satellite and Spacewalk services managed user authentication. A time delay was not inserted after each failed log in, which could allow a remote attacker to conduct a password guessing attack efficiently. Acknowledgements: Red Hat would like to thank Thomas Biege of the SuSE Security Team for reporting this issue.
The CVE identifier of CVE-2011-0718 has been assigned to this issue.
This issue has been addressed in following products: Red Hat Network Satellite Server v 5.4 Via RHSA-2011:0300 https://rhn.redhat.com/errata/RHSA-2011-0300.html
Created spacewalk-backend tracking bugs for this issue Affects: fedora-all [bug 679887]