In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating systems.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
stimulsoft designer 2023.1.4 |
||
stimulsoft designer 2023.1.5 |