← CVECheck
HomeVulnerabilities

CVE-2001-1537 — HIGH severity vulnerability (The default "basic" security setting' in config.php for TWIG)

The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.

CVE IDCVE-2001-1537
SeverityHIGH
CVSS score7.5
CVSS vectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWECWE-312
StatusModified
Published2001-12-31
Last modified2026-04-16
DescriptionThe default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →