The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html | Broken Link |
http://www.iss.net/security_center/static/7619.php | Broken Link |
http://www.securityfocus.com/bid/3591 | Broken Link Third Party Advisory VDB Entry |
http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html | Broken Link |
http://www.iss.net/security_center/static/7619.php | Broken Link |
http://www.securityfocus.com/bid/3591 | Broken Link Third Party Advisory VDB Entry |
Configurations
History
20 Nov 2024, 23:37
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html - Broken Link | |
References | () http://www.iss.net/security_center/static/7619.php - Broken Link | |
References | () http://www.securityfocus.com/bid/3591 - Broken Link, Third Party Advisory, VDB Entry |
13 Feb 2024, 16:19
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
References | (BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html - Broken Link | |
References | (XF) http://www.iss.net/security_center/static/7619.php - Broken Link | |
References | (BID) http://www.securityfocus.com/bid/3591 - Broken Link, Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:a:symfony:twig:*:*:*:*:*:*:*:* | |
CWE | CWE-312 | |
First Time |
Symfony twig
Symfony |
Information
Published : 2001-12-31 05:00
Updated : 2024-11-20 23:37
NVD link : CVE-2001-1537
Mitre link : CVE-2001-1537
CVE.ORG link : CVE-2001-1537
JSON object : View
Products Affected
symfony
- twig
CWE
CWE-312
Cleartext Storage of Sensitive Information