3 matches found
BIT-PARSE-2026-33624 Parse Server: MFA recovery code single-use bypass via concurrent requests
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.60 and 9.6.0, an attacker who obtains a user's password and a single MFA recovery code can reuse that recovery code an unlimited number of times by sending concurrent logi...
CVE-2026-33624
CVE-2026-33624 affects Parse Server. Prior to versions 8.6.60 and 9.6.0-alpha.54, an attacker who knows a user’s password and a valid MFA recovery code can reuse that code indefinitely by sending concurrent login requests, defeating the single‑use design of recovery codes. Impacted component: MFA...
CVE-2026-33624 Parse Server: MFA recovery code single-use bypass via concurrent requests
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.60 and 9.6.0-alpha.54, an attacker who obtains a user's password and a single MFA recovery code can reuse that recovery code an unlimited number of times by sending...