convert2rhel is vulnerable to information disclosure. When the activation key option is used, the activation key is subsequently passed to the subscription manager via the command line, which allows unauthorized users to view the activation key via the process command line through the htop
or ps
, leading to register systems purchased by the victim