PT-2006-6716 · Apache+1

George Clark

·

Published

2006-12-02

·

Updated

2017-07-20

·

CVE-2006-6071

CVSS v2.0

9.0

High

Vector AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: TWiki versions 4.0.5 and earlier
Description: The issue arises when TWiki runs under Apache 1.3 using the ApacheLogin login manager (authentication delegated to Apache) with sessions enabled, and the Apache directive "ErrorDocument 401" points at a valid wiki topic. In that configuration TWiki does not properly handle a failed login attempt: a remote attacker submits a valid username with an invalid password, cancels out of the authentication prompt, and is then able to read arbitrary wiki content, including topics that should require authentication. All three conditions (Apache 1.3, ApacheLogin with sessions, and a 401 error handler that resolves to a wiki topic) must hold for the issue to be exploitable.
Recommendations: For TWiki versions 4.0.5 and earlier, update to a release that properly handles failed login attempts. Until the update is applied, two workarounds follow from the preconditions above: point "ErrorDocument 401" at a static page served outside the TWiki scripts, so that a failed login never invokes wiki code, and restrict access to sensitive wiki topics. Verify the workaround by confirming that no "ErrorDocument 401" directive in httpd.conf or any .htaccess under the TWiki script directory resolves to a TWiki script URL.
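As an added example, not code from TWiki or from this advisory, the following script embeds two constructed .htaccess fragments, one with the risky "ErrorDocument 401" target and one with a static target, and checks any Apache configuration text for a 401 handler that resolves into the TWiki script directory. The script directory (/twiki/bin), the TWikiRegistration topic, the .htpasswd path and the static page path are assumptions for illustration only; the check does not establish the Apache version, which must be confirmed separately.

```python
import re

# Constructed sample of the risky setup the advisory describes: Apache basic auth on the
# TWiki script directory, with the 401 handler pointing into a wiki topic. Paths, the
# topic name and the static page are assumptions for illustration only.
WEAK_HTACCESS = """\
# .htaccess for the TWiki bin directory (constructed example)
AuthType Basic
AuthName "TWiki"
AuthUserFile /var/www/twiki/data/.htpasswd
<FilesMatch "(attach|edit|manage|rename|save|upload|view)">
    Require valid-user
</FilesMatch>
# Failed logins are served by a TWiki view script: the precondition for CVE-2006-6071
ErrorDocument 401 /twiki/bin/view/TWiki/TWikiRegistration
"""

# Same setup with the 401 handler moved to a static page outside the TWiki scripts,
# so no wiki code runs in the failed-login path.
HARDENED_HTACCESS = """\
AuthType Basic
AuthName "TWiki"
AuthUserFile /var/www/twiki/data/.htpasswd
<FilesMatch "(attach|edit|manage|rename|save|upload|view)">
    Require valid-user
</FilesMatch>
ErrorDocument 401 /static/unauthorized.html
"""

ERRORDOC_401 = re.compile(r'^\s*ErrorDocument\s+401\s+(\S.*?)\s*$', re.IGNORECASE)
ABSOLUTE_URL = re.compile(r'^[a-z][a-z0-9+.-]*://[^/]*(/.*)?$', re.IGNORECASE)


def _url_path(target):
    """Reduce an ErrorDocument target to its path so local (/x) and absolute (http://h/x)
    targets, which Apache handles as internal and external redirects, compare alike."""
    m = ABSOLUTE_URL.match(target)
    if m:
        return m.group(1) or "/"
    return target


def twiki_script_targets(config_text, script_dir="/twiki/bin"):
    """Return (line_number, target) for each 'ErrorDocument 401' whose target resolves to a
    URL under the TWiki script directory, i.e. a handler that would run a wiki script."""
    findings = []
    prefix = script_dir.rstrip("/") + "/"
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        # Apache only treats '#' as a comment when it is the first non-blank character on
        # the line; there are no trailing comments, so nothing else is stripped.
        if raw.lstrip().startswith("#"):
            continue
        m = ERRORDOC_401.match(raw)
        if not m:
            continue
        target = m.group(1)
        # A target beginning with a double quote is an inline message, not a redirect.
        if target.startswith('"'):
            continue
        if _url_path(target).startswith(prefix):
            findings.append((lineno, target))
    return findings


def report(config_text, label):
    """Print the findings for one configuration text and return them."""
    hits = twiki_script_targets(config_text)
    if hits:
        for lineno, target in hits:
            print(f"{label}: line {lineno}: ErrorDocument 401 -> {target} runs a TWiki script")
    else:
        print(f"{label}: no ErrorDocument 401 handler points into the TWiki script directory")
    return hits


if __name__ == "__main__":
    report(WEAK_HTACCESS, "weak")
    report(HARDENED_HTACCESS, "hardened")
```

Run it against the real httpd.conf and every .htaccess under the TWiki installation by passing the file contents to twiki_script_targets; an empty result means the third precondition in the description is absent. Absolute URLs are reduced to their path because an external redirect to the same host reaches the wiki script just as an internal one does.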

Fix


Related Identifiers

CVE-2006-6071

Affected Products

Apache
Twiki