Lucene search
GoogleOSV:GHSA-4W46-W44M-3JQ3HistoryDec 28, 2020 - 4:33 p.m.
Parse Server stores password in plain text
2020-12-2816:33:17
Google
osv.dev
13
parse server
ldap
password storage
vulnerability
fixed
EPSS
0.001
Percentile
39.6%
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.
In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext.
This is fixed in version 4.5.0 by stripping password after authentication to prevent cleartext password storage.
References
github.com/parse-community/parse-server/commit/da905a357d062ab4fea727a21eac231acc2ed92a
github.com/parse-community/parse-server/releases/tag/4.5.0
github.com/parse-community/parse-server/security/advisories/GHSA-4w46-w44m-3jq3
nvd.nist.gov/vuln/detail/CVE-2020-26288
www.npmjs.com/advisories/1593
www.npmjs.com/package/parse-server
Related
cvelist
cvelist
CVE-2020-26288 Parse Server stores password in plain text
2020-12-30 19:25:17
osv
osv
CVE-2020-26288
2020-12-30 20:15:15
BIT-parse-2020-26288
2024-03-06 11:04:12
github
github
Parse Server stores password in plain text
2020-12-28 16:33:17
prion
prion
Authentication flaw
2020-12-30 20:15:00
nodejs
nodejs
Password stored in plain text
2020-12-30 19:29:10
veracode
veracode
Information Disclosure
2020-12-29 09:11:57
nvd
nvd
CVE-2020-26288
2020-12-30 20:15:15
cve
cve
CVE-2020-26288
2020-12-30 20:15:15