Cleartext Storage of Usernames and Passwords in Cookies Vulnerability

Cleartext Storage of Usernames and Passwords in Cookies Vulnerability

CVE-2001-1537 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.

Learn more about our Web App Pen Testing.