Red Hat · Luci · CVE-2010-3852
**Name of the Vulnerable Software and Affected Versions**
Luci versions 0.22.4 and earlier
**Description**
The default configuration of Luci in Red Hat Conga uses a static secret key for cookies, which makes it easier for remote attackers to bypass authentication via a forged ticket cookie.
**Recommendations**
For Luci versions 0.22.4 and earlier, update the secret key for cookies to a unique and secure value to prevent bypassing of repoze.who authentication.
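The recommendation above can be checked and applied mechanically. The following is an added example, not code from Luci or Red Hat: it flags a cookie secret that matches a package-shipped value or is short or low in entropy, and replaces it with a random per-host value. The page does not name the configuration file or option, so the repoze.who-style INI layout, the `secret` option name, the sample value and the thresholds are all assumptions.

```python
import configparser
import io
import math
import secrets
from collections import Counter

# Constructed sample; the section and option names are assumptions.
SAMPLE_INI = """\
[plugin:auth_tkt]
use = repoze.who.plugins.auth_tkt:make_plugin
secret = s33kr1t
"""
MIN_LENGTH = 32         # assumed policy: minimum secret length in characters
MIN_ENTROPY_BITS = 3.0  # assumed policy: Shannon entropy per character

def _load(ini_text):
    """Parse the INI text; return the parser and the sections holding a secret."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    return parser, [s for s in parser.sections() if parser.has_option(s, "secret")]

def entropy(value):
    """Shannon entropy in bits per character (0 for an empty string)."""
    total = len(value)
    return -sum(n / total * math.log2(n / total) for n in Counter(value).values())

def audit_secrets(ini_text, shipped_defaults=()):
    """Return (section, reasons) for each weak or package-shipped secret."""
    findings = []
    parser, sections = _load(ini_text)
    for section in sections:
        value = parser.get(section, "secret")
        checks = [(value in shipped_defaults, "matches a shipped default"),
                  (len(value) < MIN_LENGTH, "shorter than %d characters" % MIN_LENGTH),
                  (entropy(value) < MIN_ENTROPY_BITS, "low entropy")]
        reasons = [text for failed, text in checks if failed]
        if reasons:
            findings.append((section, reasons))
    return findings

def rotate_secrets(ini_text):
    """Return the config with every secret replaced by a fresh random value."""
    parser, sections = _load(ini_text)
    for section in sections:
        parser.set(section, "secret", secrets.token_hex(32))
    out = io.StringIO()
    parser.write(out)
    return out.getvalue()
```

Rotating the secret invalidates every ticket cookie already issued, so existing sessions must log in again after the service restarts.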