Skip to content
High Published: Dec 31, 2001 Modified: Apr 03, 2025

CVE-2001-1537

7.5 CVSS Score High
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Export CVE-2001-1537 Data:
Share:
Link copied!

Description

The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.

CVSS Vector Details

Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Affected Software Configurations

  • a symfony twig * * * * * * * *

Weaknesses (CWE)

  • CWE-312

References & External Links

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

Related Vulnerabilities

CVE-2001-1481 CVSS 9.8 Same weakness: CWE-312 CVE-2001-1536 CVSS 7.5 Same weakness: CWE-312 CVE-2002-1696 CVSS 5.5 Same weakness: CWE-312 CVE-2002-1800 CVSS 7.5 Same weakness: CWE-312 CVE-2004-2397 CVSS 7.5 Same weakness: CWE-312

CVE History Timeline

Sep 26, 2005 20:36 Initial Analysis
Feb 13, 2024 16:19 Reanalysis
May 14, 2024 01:20 CVE Modified
Nov 20, 2024 23:37 CVE Modified
← Back to CVE Tracker