Cbaker6

**Name of the Vulnerable Software and Affected Versions** Parse Server versions prior to 4.5.1 **Description** The issue arises when an anonymous user is first signed up using the REST API, causing the server to create a session incorrectly. Specifically, the `authProvider` field in the ` Session` class under `createdWith` shows the user as logged in with a password. This incorrect classification affects developers who depend on the `createdWith` field to provide different levels of access between password users and anonymous users. The server does not currently use `createdWith` for internal decision-making, so developers not using it directly are not affected. **Recommendations** For versions prior to 4.5.1, upgrade to version 4.5.1 to resolve the issue. As a temporary workaround, do not use the `createdWith` Session field to make decisions if anonymous login is allowed.