CVE-2012-3359 in Red Hat
Summary
by MITRE
Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows attackers to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7347 for the incorrect enforcement of a user timeout.
Analysis
by VulDB Data Team • 05/09/2026
The vulnerability identified as CVE-2012-3359 affects the Luci component within Red Hat Conga, a web-based management interface for Red Hat Enterprise Linux environments. This security flaw resides in how the system handles authentication sessions, specifically through improper credential storage mechanisms that create significant security risks for administrators and users interacting with the management interface. The vulnerability manifests in the session cookie handling process where user credentials are stored in an encoded format rather than being properly secured or encrypted, creating a direct pathway for privilege escalation attacks.
The technical root of this vulnerability is the use of Base64 encoding to store user credentials within the __ac session cookie. This is a fundamental security misconfiguration: sensitive authentication data is not protected by cryptographic means but relies on a simple encoding that anyone who obtains the cookie can reverse. Base64 provides no encryption or security protection, only obfuscation, so it offers no real barrier to an attacker who can readily decode the value to recover the username and password. The flaw runs directly against established security practice, including the principle of least privilege and secure credential handling.
The operational impact of this vulnerability extends beyond simple credential exposure, as it enables attackers to gain unauthorized administrative access to Red Hat Conga management interfaces. When an attacker successfully accesses a session cookie containing Base64 encoded credentials, they can immediately escalate their privileges and assume the identity of legitimate users, potentially gaining full administrative control over the managed systems. This creates a severe risk for enterprise environments where Red Hat Conga is deployed for system management, as it allows for unauthorized access to critical infrastructure management functions, configuration changes, and potential lateral movement within the network. The vulnerability's impact is particularly concerning given that it affects the core authentication mechanism of the management interface.
Security professionals should note that this vulnerability aligns with CWE-312 (Cleartext Storage of Sensitive Information) and CWE-522 (Insufficiently Protected Credentials), both of which specifically address the improper handling of authentication data. The issue also relates to ATT&CK techniques T1563.002 (Account Access Removal) and T1078 (Valid Accounts), as attackers can leverage compromised session cookies to maintain persistent access to systems. Organizations should implement immediate mitigations including disabling the vulnerable Luci component, implementing proper session management controls, and ensuring that all authentication data is stored using strong encryption rather than simple encoding. The vulnerability's classification as a privilege escalation issue also makes it particularly dangerous in environments where administrators have elevated system access rights, as successful exploitation could lead to complete system compromise. Additionally, the issue's relationship to CVE-2013-7347 highlights the broader nature of authentication-related vulnerabilities in Red Hat Conga systems, indicating that multiple related security flaws may require coordinated remediation efforts.
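The following example is added here to illustrate the credential-storage flaw described in the analysis above and the session-management mitigation it recommends; it is not code from Luci, Conga or Red Hat. It assumes, for illustration only, a cookie value of the form Base64("username:password"), and it shows a defender-side audit check for that pattern beside a hardened issuance scheme that keeps credentials out of the cookie altogether (an opaque, HMAC-signed session id resolved server-side), which is the stronger alternative to merely encrypting them.

```python
import base64
import binascii
import hashlib
import hmac
import secrets


def weak_cookie(username: str, password: str) -> str:
    """The weak pattern: the cookie is only Base64 over the raw credentials.
    Format is a constructed assumption for illustration, not Luci's exact layout."""
    return base64.b64encode(f"{username}:{password}".encode()).decode()


def looks_like_encoded_credentials(cookie_value: str) -> bool:
    """Audit check: does the cookie decode to printable 'name:secret' text?
    A properly opaque session token will fail this test."""
    try:
        raw = base64.b64decode(cookie_value, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return False
    return text.isprintable() and ":" in text


class SessionStore:
    """Hardened pattern: the cookie carries only a random id plus an HMAC tag;
    the username lives server-side, so the cookie reveals no credentials."""

    def __init__(self, key: bytes):
        self._key = key          # server-side secret, never sent to the client
        self._sessions = {}      # session id -> authenticated username

    def _sign(self, sid: str) -> str:
        return hmac.new(self._key, sid.encode(), hashlib.sha256).hexdigest()

    def issue(self, username: str) -> str:
        sid = secrets.token_urlsafe(32)          # 256 bits of randomness
        self._sessions[sid] = username
        return f"{sid}.{self._sign(sid)}"

    def resolve(self, cookie_value: str):
        """Return the username for a valid cookie, or None if the tag is wrong
        or the session is unknown; the tag is checked before any lookup."""
        sid, _, tag = cookie_value.rpartition(".")
        if not sid or not hmac.compare_digest(tag, self._sign(sid)):
            return None
        return self._sessions.get(sid)
```

Running `looks_like_encoded_credentials` over captured cookie values is a quick way to confirm whether a deployment still exhibits the weak pattern after remediation.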