Milner ImageDirector Capture Hard-Coded Encryption Key Vulnerability Allowing Database Credential Decryption

Vulnerability

A vulnerability exists in Milner ImageDirector Capture versions 7.0.9 prior to 7.6.3.25808, due to a hard-coded encryption key used in the Password function within C2SGlobalSettings.dll. This flaw enables local attackers to decrypt database credentials by extracting the cryptographic key from the executable.

Impact

Exploitation of this vulnerability allows local attackers to access decrypted database credentials, potentially leading to unauthorized data access or manipulation.

Added: Jan 20, 2026, 11:41 PM

Updated: Jan 20, 2026, 11:41 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

2.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

2.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Milner ImageDirector Capture Hard-Coded Encryption Key Vulnerability Allowing Database Credential Decryption

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating