Apache · CVE-2006-6071
**Name of the Vulnerable Software and Affected Versions**
TWiki versions 4.0.5 and earlier
**Description**
The issue arises when TWiki is running under Apache 1.3, using ApacheLogin with sessions, and "ErrorDocument 401" redirects to a valid wiki topic. In this setup, failed login attempts are not properly handled, allowing remote attackers to read arbitrary content. This can be achieved by cancelling out of a failed authentication with a valid username and an invalid password.
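To check whether a deployment matches the setup described above, the following added example (not part of the original advisory or TWiki's own code) audits an Apache configuration and a TWiki `LocalSite.cfg` for the three conditions. The sample inputs are constructed, and the `/twiki/bin/view` prefix, the topic name and the `LoginManager` / `UseClientSessions` setting names are assumptions about a typical TWiki 4.0 install; the Apache 1.3 and TWiki version checks are left to the operator.

```python
import re

# Constructed sample inputs; paths, topic and setting names are assumptions.
SAMPLE_HTTPD = """
<Directory "/var/www/twiki/bin">
    AuthType Basic
    AuthName "TWiki"
    require valid-user
    # ErrorDocument 401 /disabled.html
    ErrorDocument 401 /twiki/bin/view/TWiki/TWikiRegistration
</Directory>
"""
SAMPLE_LOCALSITE = """
$TWiki::cfg{LoginManager} = 'TWiki::Client::ApacheLogin';
$TWiki::cfg{UseClientSessions} = 1;
"""

def error_document_401_targets(httpd_conf):
    """Return the targets of active (uncommented) ErrorDocument 401 directives."""
    targets = []
    for line in httpd_conf.splitlines():
        line = line.strip()
        if line.startswith("#"):
            continue  # commented-out directives have no effect
        m = re.match(r"ErrorDocument\s+401\s+(.+)$", line, re.I)
        if m:
            targets.append(m.group(1).strip().strip('"'))
    return targets

def cfg_value(localsite, key):
    """Read a scalar $TWiki::cfg{key} assignment from LocalSite.cfg text."""
    pattern = r"^\s*\$TWiki::cfg\{%s\}\s*=\s*['\"]?([^'\";]+)['\"]?\s*;" % re.escape(key)
    m = re.search(pattern, localsite, re.M)
    return m.group(1).strip() if m else None

def audit(httpd_conf, localsite, view_prefix="/twiki/bin/view"):
    """Report each precondition from the advisory and whether all of them hold."""
    topic_401 = [t for t in error_document_401_targets(httpd_conf)
                 if t.startswith(view_prefix)]  # 401 page is served by the wiki itself
    result = {
        "apache_login": (cfg_value(localsite, "LoginManager") or "").endswith("ApacheLogin"),
        "sessions": cfg_value(localsite, "UseClientSessions") == "1",
        "topic_401": topic_401,
    }
    result["matches_advisory_setup"] = bool(
        result["apache_login"] and result["sessions"] and topic_401)
    return result

if __name__ == "__main__":
    print(audit(SAMPLE_HTTPD, SAMPLE_LOCALSITE))
```

A `matches_advisory_setup` value of `False` only means the configuration differs from the one the advisory describes; it does not replace upgrading.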
**Recommendations**
For TWiki versions 4.0.5 and earlier, consider updating to a version that properly handles failed login attempts to prevent unauthorized access to content. As a temporary workaround, restrict access to sensitive wiki topics until a proper fix is applied.