The Luci in Red Hat Conga is vulnerable to privilege escalation. Storing usernames and passwords in __ac
session cookies leads to incorrect session inactivity timeout and to get access to the user credential via the cookie.
rhn.redhat.com/errata/RHSA-2013-0128.html
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=607179
bugzilla.redhat.com/show_bug.cgi?id=832181
bugzilla.redhat.com/show_bug.cgi?id=832183
bugzilla.redhat.com/show_bug.cgi?id=832185
bugzilla.redhat.com/show_bug.cgi?id=835649
bugzilla.redhat.com/show_bug.cgi?id=839732
rhn.redhat.com/errata/RHSA-2013-0128.html