CVE-2001-1537

The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
Configurations

Configuration 1 (hide)

cpe:2.3:a:symfony:twig:*:*:*:*:*:*:*:*

History

20 Nov 2024, 23:37

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html - Broken Link () http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html - Broken Link
References () http://www.iss.net/security_center/static/7619.php - Broken Link () http://www.iss.net/security_center/static/7619.php - Broken Link
References () http://www.securityfocus.com/bid/3591 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/3591 - Broken Link, Third Party Advisory, VDB Entry

13 Feb 2024, 16:19

Type Values Removed Values Added
CVSS v2 : 5.0
v3 : unknown
v2 : 5.0
v3 : 7.5
References (BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html - (BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html - Broken Link
References (XF) http://www.iss.net/security_center/static/7619.php - (XF) http://www.iss.net/security_center/static/7619.php - Broken Link
References (BID) http://www.securityfocus.com/bid/3591 - (BID) http://www.securityfocus.com/bid/3591 - Broken Link, Third Party Advisory, VDB Entry
CPE cpe:2.3:a:twig:webmail:*:*:*:*:*:*:*:* cpe:2.3:a:symfony:twig:*:*:*:*:*:*:*:*
CWE NVD-CWE-Other CWE-312
First Time Symfony twig
Symfony

Information

Published : 2001-12-31 05:00

Updated : 2024-11-20 23:37


NVD link : CVE-2001-1537

Mitre link : CVE-2001-1537

CVE.ORG link : CVE-2001-1537


JSON object : View

Products Affected

symfony

  • twig
CWE
CWE-312

Cleartext Storage of Sensitive Information