RedCarpet allows remote administration of systems: the rc daemon (rcd) runs on the server side and accepts SSL-encrypted commands from a client. The tool rug is one such client and is run from the command line. The client does not verify the SSL certificates it receives from the server and is therefore vulnerable to a man-in-the-middle attack, which allows an attacker to read traffic and to insert commands.
No workaround is known for the man-in-the-middle attack. The permissions of the configuration file can be changed using the chmod(1) command as root.
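The check the client omits, shown as an added Python example (not RedCarpet's or rug's code, and not a fix for rug): a TLS client context that accepts any certificate beside one that validates the chain and the hostname, with an audit function that flags the former. The function names and the host and port passed to `open_channel` are assumptions for illustration.

```python
import socket
import ssl


def unverified_context():
    """Client context that accepts any server certificate (the flawed behaviour)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # chain is never validated
    return ctx


def verified_context(cafile=None):
    """Client context that validates the chain and the hostname.

    cafile: optional PEM bundle holding the CA that issued the server
    certificate; without it the platform trust store is used.
    """
    return ssl.create_default_context(cafile=cafile)


def audit(ctx):
    """Return the reasons a client context is exposed to man-in-the-middle."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not validated")
    if not ctx.check_hostname:
        findings.append("hostname is not matched against the certificate")
    return findings


def open_channel(host, port, ctx):
    """Connect and handshake. With a verified context an untrusted or
    mismatched certificate raises ssl.SSLCertVerificationError before any
    command is sent; with the unverified one the handshake succeeds."""
    raw = socket.create_connection((host, port), timeout=10)
    try:
        return ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise


if __name__ == "__main__":
    for name, ctx in (("unverified", unverified_context()),
                      ("verified", verified_context())):
        print(name, audit(ctx) or "ok")
```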