Parse Server fixes brute forcing bug that put sensitive user data at risk

20-Sep-22

The API server module for Node.js and the Express WAF were both vulnerable to brute-force guessing attacks due to a security weakness in Parse Server. For iOS, macOS, Android, and the tvOS operating system on Apple TV, Parse Server, a well-known open source project, offers push notification features.

In a GitHub alert sent on Friday, a description of the vulnerability states that “internal fields and protected fields can be exploited as query limitations.” Read More…