CVE-2001-1537 Information

Description

The default \basic\ security setting’ in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies which could allow attackers to obtain authentication information and gain privileges.

Reference

http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html http://www.iss.net/security_center/static/7619.php http://www.securityfocus.com/bid/3591