CVE-2001-1537
First published: Mon Dec 31 2001(Updated: )
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Twig | <=2.7.4 | |
| TWIG Webmail | <=2.7.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2001-1537?
CVE-2001-1537 has a high severity level due to the exposure of cleartext usernames and passwords in cookies.
How do I fix CVE-2001-1537?
To fix CVE-2001-1537, update to a version of TWIG webmail later than 2.7.4 that has addressed this security issue.
Who is affected by CVE-2001-1537?
CVE-2001-1537 affects users of TWIG webmail versions 2.7.4 and earlier, as well as Symfony Twig versions up to 2.7.4.
What is the impact of CVE-2001-1537?
The impact of CVE-2001-1537 could allow attackers to gain unauthorized access to user accounts by stealing authentication information.
Is there a workaround for CVE-2001-1537?
A temporary workaround for CVE-2001-1537 includes disabling cookies or implementing alternative secure authentication methods.
- agent/type
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- agent/author
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-historical
- vendor/symfony
- canonical/twig
- version/twig/2.7.4
- vendor/twig
- canonical/twig webmail
- version/twig webmail/2.7.4