CVE-2020-26288

Cleartext Storage of Sensitive Information in npm/parse-server

Identifier

CVE-2020-26288

Package Slug

npm/parse-server

Vulnerability

Cleartext Storage of Sensitive Information

Description

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In Parse Server, user passwords involved in LDAP authentication are stored in cleartext. This is fixed by stripping the password after authentication to prevent cleartext password storage.

Affected Versions

All versions before 4.5.0

Solution

Upgrade to version 4.5.0 or above.

Last Modified

2021-01-06

source