That’s why you should not use the very same secret AppKey for each device.
Also, to derive the secret session keys, each node needs the unique DevNonce it has generated when creating the Join Request: https://runkit.com/avbentem/deciphering-a-lorawan-otaa-join-accept This means it cannot successfully decipher another node’s Join Accept. (But when using the same AppKey it might not know it actually retrieved erroneous keys.)
You should actually avoid that, as the gateway needs to adhere to a duty cycle as well and cannot handle simultaneous joins: Multiple new devices trying to OTAA.