Rick Console

**Name of the Vulnerable Software and Affected Versions** Milner ImageDirector Capture versions 7.0.9 through 7.6.3.25808 **Description** The software uses a hard-coded encryption key within the `Password` function in `C2SGlobalSettings.dll` on Windows. A local attacker can exploit this to decrypt database credentials by obtaining the cryptographic key directly from the executable. **Recommendations** Update to a version later than 7.6.3.25808.

**Name of the Vulnerable Software and Affected Versions** Milner ImageDirector Capture versions 7.0.9 through 7.6.3.25808 **Description** A flaw exists in Milner ImageDirector Capture that involves insufficiently protected credentials within the credential field. This allows for the retrieval of credential material and enables database access. **Recommendations** Update Milner ImageDirector Capture to a version later than 7.6.3.25808.

**Name of the Vulnerable Software and Affected Versions** Milner ImageDirector Capture versions 7.0.9 through 7.6.3.25808 **Description** A security issue exists in the Connection Settings dialog of Milner ImageDirector Capture that allows an Adversary in the Middle (AiTM) attack. This occurs because the 'Server' field can be modified, redirecting client authentication. The vulnerability involves insufficiently protected credentials and improper restriction of the communication channel to intended endpoints. **Recommendations** Update Milner ImageDirector Capture to version 7.6.3.25808 or later.

**Name of the Vulnerable Software and Affected Versions** Milner ImageDirector Capture versions 7.0.9.0 through 7.6.3.25808 **Description** The software contains a flaw due to the use of a broken cryptographic algorithm (DES). This impacts the Password class within the C2SConnections.dll component on Windows systems. The issue allows for encryption brute forcing, potentially leading to the compromise of database credentials. **Recommendations** Update Milner ImageDirector Capture to a version later than 7.6.3.25808.

**Name of the Vulnerable Software and Affected Versions** Milner ImageDirector Capture versions 7.0.9.0 through 7.6.3.25808 **Description** A flaw exists in Milner ImageDirector Capture on Windows due to the use of hard-coded application encryption keys within the `C2SGlobalSettings.dll` component. This allows decryption of document archive files using these credentials. **Recommendations** Update Milner ImageDirector Capture to a version later than 7.6.3.25808.