• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

TWiki Failed Login Information Disclosure Vulnerability

TWiki is prone to an information-disclosure vulnerability because it fails to authenticate users before providing access to sensitive information.

Exploiting this issue could allow an attacker to retrieve sensitive information, including wiki content that is in access-restricted topics.

Note that the following are required to exploit this vulnerability:

- The Apache 1.3 webserver is running
- The Apache 'ErrorDocument 401' configuration setting is set to a TWiki topic
- ApacheLogin with TWiki-4.0 is used with sessions enabled (or SessionPlugin for older versions)