candlepin is potentially vulnerable to authentication bypass. This is due to a weak authentication scheme when no settings are specified in the configuration file.
rhn.redhat.com/errata/RHSA-2013-1863.html
access.redhat.com/errata/RHSA-2013:1863
access.redhat.com/security/cve/CVE-2013-6439
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1042677
exchange.xforce.ibmcloud.com/vulnerabilities/90134
rhn.redhat.com/errata/RHSA-2013-1863.html