Vulnerabilites - CVE-2001-1537

Home > Resources > Vulnerabilites > CVE-2001-1537

Resources

CVE-2001-1537

Status:

Candidate

Description:

The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.

Reference:

BUGTRAQ:20011128 TWIG default configurations may lead to insecure auth-cookie password storage
URL:http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html
XF:twig-password-plaintext-cookie(7619)
URL:http://www.iss.net/security_center/static/7619.php

Phase:

Assigned (20050714)

CVE ID

Protocol

SoursePort

TargetPort

Other Vulnerabilities:

Year	CEV (3053) Common Vulnerabilities and Exposures	CAN (20174) Candidate
1999	CVE-1999 (821)	CAN-1999 (749 )
2000	CVE-2000 (808)	CAN-2000 (423 )
2001	CVE-2001 (625)	CAN-2001 (934 )
2002	CVE-2002 (643)	CAN-2002 (1566)
2003	CVE-2003 (81 )	CAN-2003 (1236)
2004	CVE-2004 (75 )	CAN-2004 (2601)
2005	-	CAN-2005 (4825)
2006	-	CAN-2006 (6982)
2007	-	CAN-2007 (858 )

Free Network Analyzer

Free Packet Sniffer

We’re here to help…

Call:  800-381-6680
Fax:  888-813-1029
email:

Quick Links

Stay in touch

Colasoft, Capsa, nChronos and Colasoft logos are registered trademarks of Colasoft. Sniffer is a registered trademark of Network General Corporation. All other names are trademarks or registered trademarks of their respective owners.

nChronos

Capsa

nChronos

Capsa Enterprise

Capsa Professional

Other

Colasoft Online Store

How to Buy

nChronos

Capsa

Network Tools

Other

Resources

CVE-2001-1537

Status:

Description:

Reference:

Phase:

Other Vulnerabilities:

Free Network Analyzer

We’re here to help…

Quick Links

Stay in touch