

Severity
High
Analysis Summary
CVE-2020-26288
The Node.js parse-server module could allow a remote attacker to obtain sensitive information because the domain password is stored in plain text in the authData section of the returned contract. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain the domain password and use it to launch further attacks against the affected system.
Impact
Information disclosure
Affected Vendors
NodeJS
Affected Products
Node.js parse-server 4.4.0
Remediation
Upgrade to the latest version of parse-server (4.5.0 or later).