Lucene search
Veracode Vulnerability DatabaseVERACODE:28842HistoryDec 29, 2020 - 9:11 a.m.
Information Disclosure
2020-12-2909:11:57
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
parse-server
ldap
cleartext
vulnerability
information disclosure
EPSS
0.001
Percentile
39.6%
parse-server is vulnerable to information disclosure. The vulnerability exist because the user passwords involved in LDAP authentication are stored in cleartext.
References
github.com/advisories/GHSA-4w46-w44m-3jq3
github.com/parse-community/parse-server/commit/da905a357d062ab4fea727a21eac231acc2ed92a
github.com/parse-community/parse-server/releases/tag/4.5.0
github.com/parse-community/parse-server/security/advisories/GHSA-4w46-w44m-3jq3
www.npmjs.com/advisories/1593
www.npmjs.com/package/parse-server
Related
osv
osv
CVE-2020-26288
2020-12-30 20:15:15
BIT-parse-2020-26288
2024-03-06 11:04:12
Parse Server stores password in plain text
2020-12-28 16:33:17
github
github
Parse Server stores password in plain text
2020-12-28 16:33:17
cvelist
cvelist
CVE-2020-26288 Parse Server stores password in plain text
2020-12-30 19:25:17
prion
prion
Authentication flaw
2020-12-30 20:15:00
nodejs
nodejs
Password stored in plain text
2020-12-30 19:29:10
nvd
nvd
CVE-2020-26288
2020-12-30 20:15:15
cve
cve
CVE-2020-26288
2020-12-30 20:15:15