CVE-2001-1537

HIGH

TWIG webmail <2.7.4 - Info Disclosure

Title source: llm

Description

The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.

References (3)

[Broken Link] http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html

[Broken Link] http://www.iss.net/security_center/static/7619.php

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/3591

Scores

CVSS v3 7.5

EPSS 0.0020

EPSS Percentile 42.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-312

Status draft

Affected Products (1)

symfony/twig < 2.7.4

Timeline

Published Dec 31, 2001

Tracked Since Feb 18, 2026