CVE-2020-26288

Summary

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping password after authentication to prevent cleartext password storage.

Affected Software

VendorProductVersion RangeStatus
parse-communityparse-server< 4.5.0affected

Weaknesses

  • CWE-312: CWE-312: Cleartext Storage of Sensitive Information

ADP Enrichment

CVE Program Container

Additional References

References