Описание
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
Ссылки
- Broken Link
- Broken Link
- Broken LinkThird Party AdvisoryVDB Entry
- Broken Link
- Broken Link
- Broken LinkThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 2.7.4 (включая)
cpe:2.3:a:symfony:twig:*:*:*:*:*:*:*:*
EPSS
Процентиль: 43%
0.00204
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-312
Связанные уязвимости
CVSS3: 7.5
debian
больше 23 лет назад
The default "basic" security setting' in config.php for TWIG webmail 2 ...
CVSS3: 7.5
github
больше 3 лет назад
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
EPSS
Процентиль: 43%
0.00204
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-312