CVE-2024-56429

HIGH

itech iLabClient <3.7.1 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-56429. PoCs published by lisa-2905.

AI-analyzed exploit summary: This repository provides a working PoC for CVE-2024-56429, which involves extracting a hardcoded boot password from the iLabClient application to access and manipulate an Apache Derby database. The PoC includes tools to decrypt the boot password and generate user data hashes for database manipulation.

Description

itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w== key (found in iLabClient.jar) for local users to read or write to the database.

Exploits (1)

nomisec WORKING POC
by lisa-2905 · poc
https://github.com/lisa-2905/CVE-2024-56429

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: iLabClient (version not specified)
Authentication: No auth needed
Prerequisites: Access to the iLabClient installation directory · Java runtime environment · Apache Derby tools
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 7.7
EPSS: 0.0014
EPSS Percentile: 3.5%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC (Vulnrichment)

Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-321
Status: published
Products (1): itech/iLabClient 3.7.1
Published: May 21, 2025
Tracked Since: Feb 18, 2026