Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nodejsAnonymousNODEJS:1593
HistoryDec 30, 2020 - 7:29 p.m.

Password stored in plain text

2020-12-3019:29:10
Anonymous
www.npmjs.com
49
parse-server
ldap authentication
cleartext password storage
security fix
github advisory
cve
fix commit
release notes

EPSS

0.001

Percentile

39.6%

JSON

Overview

parse-server is an open source backend that can be deployed to any infrastructure that can run Node.js. In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping password after authentication to prevent cleartext password storage.

Recommendation

Upgrade to version 4.5.0 or later.

References

Related

osv 3
github 1
cvelist 1
prion 1
veracode 1
nvd 1
cve 1
osv
osv
CVE-2020-26288
2020-12-30 20:15:15
BIT-parse-2020-26288
2024-03-06 11:04:12
Parse Server stores password in plain text
2020-12-28 16:33:17
github
github
Parse Server stores password in plain text
2020-12-28 16:33:17
cvelist
cvelist
CVE-2020-26288 Parse Server stores password in plain text
2020-12-30 19:25:17
prion
prion
Authentication flaw
2020-12-30 20:15:00
veracode
veracode
Information Disclosure
2020-12-29 09:11:57
nvd
nvd
CVE-2020-26288
2020-12-30 20:15:15
cve
cve
CVE-2020-26288
2020-12-30 20:15:15

EPSS

0.001

Percentile

39.6%

JSON
Related for NODEJS:1593
osv3github1cvelist1prion1veracode1nvd1cve1