TWIG is an application framework for web-based intranet and groupware applications. It includes support for webmail and newsgroup access. When a user authenticates to TWIG, their account name and password are stored in a cookie. Under the default configuration for TWIG, this information is not encrypted. An attacker able to acquire this cookie through a cross-site scripting vulnerability will be able to recover the password and authenticate as the user. Vulnerabilities such as Bugtraq ID 3513 may also lead to account compromise. Earlier versions of TWIG may also have this default configuration.
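As an added illustration (not TWIG's own code or configuration), the following Python sketch contrasts the pattern the advisory describes, a cookie that carries the account name and password, with an opaque server-side session token, and includes the check an auditor can run against a test account's login response to see whether the password is recoverable from the `Set-Cookie` header. The cookie names `twig_auth` and `twig_session`, the `SessionStore` class and all function names are assumptions made for this example.

```python
import base64
import secrets
from http.cookies import SimpleCookie
from typing import Dict, Optional
from urllib.parse import unquote


# --- The weak pattern from the advisory (illustrative; hypothetical cookie name) ---
def issue_credential_cookie(username: str, password: str) -> str:
    """Return a Set-Cookie header whose value is the login name and password.
    Anyone who obtains this cookie (for example via a script-injection bug)
    reads the password directly; encryption is absent just as in the
    default configuration the advisory describes."""
    cookie = SimpleCookie()
    cookie["twig_auth"] = f"{username}:{password}"
    return cookie.output(header="Set-Cookie:")


# --- Hardened pattern: the cookie holds only a random, server-side session id ---
class SessionStore:
    """Maps opaque tokens to user names; the password never leaves the server."""

    def __init__(self) -> None:
        self._sessions: Dict[str, str] = {}

    def issue_session_cookie(self, username: str) -> str:
        token = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG
        self._sessions[token] = username
        cookie = SimpleCookie()
        cookie["twig_session"] = token
        cookie["twig_session"]["httponly"] = True   # not readable by page scripts
        cookie["twig_session"]["secure"] = True     # only sent over HTTPS
        cookie["twig_session"]["samesite"] = "Lax"
        cookie["twig_session"]["path"] = "/"
        return cookie.output(header="Set-Cookie:")

    def resolve(self, token: str) -> Optional[str]:
        return self._sessions.get(token)

    def revoke(self, token: str) -> None:
        # A stolen token can be invalidated; a stolen password cannot.
        self._sessions.pop(token, None)


# --- Audit helpers: run against the login response of a test account ---
def cookie_value(set_cookie_header: str) -> str:
    """Extract the bare cookie value from a Set-Cookie header line."""
    first = set_cookie_header.split(";", 1)[0]
    if first.lower().startswith("set-cookie:"):
        first = first.split(":", 1)[1]
    return first.split("=", 1)[1].strip()


def cookie_exposes_password(set_cookie_header: str, password: str) -> bool:
    """True if the test account's password is recoverable from the cookie,
    whether stored verbatim, percent-encoded or merely base64-encoded."""
    value = cookie_value(set_cookie_header)
    candidates = {value, unquote(value)}
    try:
        padded = value + "=" * (-len(value) % 4)
        candidates.add(base64.b64decode(padded, validate=False).decode("latin-1"))
    except ValueError:
        pass  # not base64 at all
    return any(password in c for c in candidates)


def has_protective_flags(set_cookie_header: str) -> bool:
    """HttpOnly and Secure keep the token away from scripts and plain HTTP."""
    attrs = {part.strip().lower() for part in set_cookie_header.split(";")[1:]}
    return "httponly" in attrs and "secure" in attrs


if __name__ == "__main__":
    # Constructed test account, not real credentials.
    weak = issue_credential_cookie("alice", "s3cret")
    print(weak, "-> exposes password:", cookie_exposes_password(weak, "s3cret"))
    store = SessionStore()
    strong = store.issue_session_cookie("alice")
    print(strong, "-> exposes password:", cookie_exposes_password(strong, "s3cret"))
    print("protective flags:", has_protective_flags(strong))
```

The audit check deliberately tries a base64 decode as well as the raw value: encoding is not encryption, and a cookie that merely base64-encodes `user:password` is exactly as exposed as the plaintext form the advisory describes.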