PT-2025-22399 · Itech · Itech Ilabclient
Published
2025-05-21
·
Updated
2025-12-27
·
CVE-2024-56428
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
itech iLabClient version 3.7.1
Description
The issue allows local attackers to read cleartext credentials for servers configured in the client from the local iLabClient database, specifically from the CONFIGS table.
Recommendations
For itech iLabClient version 3.7.1, consider restricting access to the CONFIGS table in the local iLabClient database to minimize the risk of exploitation. As a temporary workaround, restrict local access to the iLabClient database until a patch is available.
Exploit
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Itech Ilabclient