CVE-2001-1537
Published 2001-12-31
Priority P4 · 24 · high · 7.5 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 1.11% (61.9th percentile)
The default "basic" security setting in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| symfony | twig | <= 2.7.4 | — |
CVSS provenance
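| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |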
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE
Cleartext Storage of Sensitive Information
mitre_cwe
CWE-312: Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Modes of Introduction:
Phase: Architecture and Design
Note: OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.
Common Consequences:
Scope: Confidentiality. Impact: Read Application Data. An attacker with access to the system could read sensitive information stored in cleartext (i.e., unencrypted). Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
Detection Methods:
Automated Static Analysis: Automated static analysis, commonly referred to as Stat
CWE
Cleartext Storage of Sensitive Information in a Cookie
mitre_cwe·CVSS 7.5
CWE-315: Cleartext Storage of Sensitive Information in a Cookie
The product stores sensitive information in cleartext in a cookie.
Attackers can use widely-available tools to view the cookie and read the sensitive information. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
Modes of Introduction:
Phase: Architecture and Design
Note: OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.
Common Consequences:
Scope: Confidentiality. Impact: Read Application Data.
Detection Methods:
Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instan
http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html
http://www.iss.net/security_center/static/7619.php
http://www.securityfocus.com/bid/3591