Yer a Wizard! Tagging Hard-coded Credentials Can Lead to Finding Magic (Numbers)

This research note describes CVE-2024-6633: FileCatalyst Workflow exposes its embedded HSQLDB via published default credentials. The author reproduces the service, demonstrates successful authentication using a Python JDBC connector, inspects the protocol traffic (identifying the HSQLDB NETWORK_COMPATIBILITY_VERSION_INT magic value), and provides Suricata detection signatures to detect the protocol and the default credentials on the network.