CVE-2024-55557

CRITICAL

Weasis 4.5.1 - Use of Hard-coded Credentials in ProxyPrefView

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-55557. PoCs published by partywavesec.

AI-analyzed exploit summary: This exploit retrieves and decrypts proxy credentials from Weasis 4.5.1 by either reading local files or remotely interacting with the service. It uses Blowfish decryption and base64 decompression to extract credentials from a properties file.

Description

ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials.

Exploits (1)

nomisec WORKING POC 1 star
by partywavesec · poc
https://github.com/partywavesec/CVE-2024-55557


Classification Working Poc 95%
Attack Type Info Leak
Complexity Moderate
Reliability Reliable
Target: Weasis 4.5.1 and earlier
No auth needed
Prerequisites: Access to local files or remote service on port 17179 · Weasis installation with proxy credentials configured
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.8
EPSS 0.0132
EPSS Percentile 67.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE CWE-798
Status published
Published Dec 16, 2024
Tracked Since Feb 18, 2026