Authentication Bypass
Red Hat Satellite is vulnerable to authentication bypass attacks. This is because the Pulp's pulp-qpid-ssl-cfg script uses bash's $RANDOM in unsafe ways to generate a NSS DB password. An attacker could potentially guess the seed used given enough time and compute resources...