Red Hat Security Advisory 2015-0430-01 - The virt-who package provides an agent that collects information about virtual guests present in the system and reports them to the subscription manager. It was discovered that the /etc/sysconfig/virt-who configuration file, which may contain hypervisor authentication credentials, was world-readable. A local user could use this flaw to obtain authentication credentials from this file.
c74d9e0c58c00270342f387597b399221af20e648c038fae10cae98a2d08b3cb