The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html | Broken Link |
http://www.iss.net/security_center/static/7619.php | Broken Link |
http://www.securityfocus.com/bid/3591 | Broken Link Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-07-14T04:00:00
Updated: 2008-03-11T09:00:00
Reserved: 2005-07-14T00:00:00
Link: CVE-2001-1537
JSON object: View
NVD Information
Status : Analyzed
Published: 2001-12-31T05:00:00.000
Modified: 2024-02-13T16:19:41.493
Link: CVE-2001-1537
JSON object: View
Redhat Information
No data.
CWE