Vulnerability Details : CVE-2001-1537
The default "basic" security setting in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
Exploit prediction scoring system (EPSS) score for CVE-2001-1537
Probability of exploitation activity in the next 30 days: 0.25%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 64 %
CVSS scores for CVE-2001-1537
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST |
CWE ids for CVE-2001-1537
- The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Assigned by: nvd@nist.gov (Primary)
References for CVE-2001-1537
- http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html (Broken Link)
- http://www.securityfocus.com/bid/3591 (Broken Link; Third Party Advisory; VDB Entry)
- http://www.iss.net/security_center/static/7619.php (Broken Link)
Products affected by CVE-2001-1537
- cpe:2.3:a:symfony:twig:*:*:*:*:*:*:*:*