CVE-2001-1537: Cleartext Storage of Sensitive Info in Twig

Severity: 7.5 HIGH (NVD)
EPSS: 0.2% (top 57.36%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Dec 31
Latest update: Apr 30

Description

The default "basic" security setting in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (1 package)

NVD: symfony/twig 2.7.4

Vulnerability Details (2)

GHSA
GHSA-f465-339w-2vhm: The default "basic" security setting' in config (2022-04-30)
CVEList
CVE-2001-1537: The default "basic" security setting' in config (2005-07-14)