CVE-2001-1537 — HIGH severity vulnerability (The default "basic" security setting' in config.php for TWIG)
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
| CVE ID | CVE-2001-1537 |
|---|---|
| Severity | HIGH |
| CVSS score | 7.5 |
| CVSS vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CWE | CWE-312 |
| Status | Modified |
| Published | 2001-12-31 |
| Last modified | 2026-04-16 |
| Description | The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges. |
| Source | NIST National Vulnerability Database |
🔍 Search all vulnerabilities →
$999/mo
Try CVECheck →