rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic servers X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Enterprise_linux | Redhat | 5 (including) | 5 (including) |
Enterprise_linux_desktop | Redhat | 5.0 (including) | 5.0 (including) |
Enterprise_linux_desktop | Redhat | 6.0 (including) | 6.0 (including) |
Enterprise_linux_eus | Redhat | 5.9.z (including) | 5.9.z (including) |
Enterprise_linux_hpc_node | Redhat | 6 (including) | 6 (including) |
Enterprise_linux_long_life | Redhat | 5.9 (including) | 5.9 (including) |
Enterprise_linux_server | Redhat | 6.0 (including) | 6.0 (including) |
Enterprise_linux_server_aus | Redhat | 6.4 (including) | 6.4 (including) |
Enterprise_linux_server_eus | Redhat | 6.4.z (including) | 6.4.z (including) |
Enterprise_linux_workstation | Redhat | 6.0 (including) | 6.0 (including) |