Vulnerability Database

300,991

Total vulnerabilities in the database

CVE-2001-1537

The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.

Published: Dec 31, 2001
Updated: Nov 9, 2025
CVE: CVE-2001-1537
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-312

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
symfony / twig	-	2.7.4.x

http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html
http://www.iss.net/security_center/static/7619.php
http://www.securityfocus.com/bid/3591

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo