Aeolus Configuration Server is vulnerable to information disclosure. Passwords are stored in plain text in the world-readable /var/log/aeolus-configserver/configserver.log
file. A local attacker could use this flaw to obtain the administrative passwords for other services.
rhn.redhat.com/errata/RHSA-2013-0545.html
access.redhat.com/knowledge/docs/
access.redhat.com/knowledge/docs/en-US/CloudForms/1.1/html/Installation_Guide/Updating_CloudForms_Cloud_Engine.html
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=875294
bugzilla.redhat.com/show_bug.cgi?id=895569
bugzilla.redhat.com/show_bug.cgi?id=903395
bugzilla.redhat.com/show_bug.cgi?id=903646
bugzilla.redhat.com/show_bug.cgi?id=903650
bugzilla.redhat.com/show_bug.cgi?id=903651
bugzilla.redhat.com/show_bug.cgi?id=912395
rhn.redhat.com/errata/RHSA-2013-0545.html