tog-pegasus does not log authentication attempts. Failed authentication attempts against the OpenPegasus CIM server were not logged to the system log as documented in README.RedHat.Security. An attacker could use this flaw to perform password guessing attacks against a user account without leaving traces in the system log.
osvdb.org/50278
secunia.com/advisories/32862
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2008-1001.html
www.securitytracker.com/id?1021281
access.redhat.com/errata/RHSA-2008:1001
admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9
admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10
bugzilla.redhat.com/show_bug.cgi?id=472017
exchange.xforce.ibmcloud.com/vulnerabilities/46830
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9431