The (Static) Keys to Abusing PDQ SmartDeploy
ID: ca993c5d-8192-52f4-a5f7-b5de98d89c14
STIX ID: report--ca993c5d-8192-52f4-a5f7-b5de98d89c14
Feed Name: SpecterOps Blog
PDQ SmartDeploy prior to version 3.0.2046 used static, hardcoded encryption keys and weak encoding for credential storage in Answer Files, registry entries, and configuration files. This enabled low-privileged users, or anyone with access to deployment artifacts (WIM images, REMINST shares, or SmartDeploy server files), to decrypt privileged credentials and escalate privileges. The post includes proof-of-concept scripts and a disclosure timeline culminating in CVE assignments and a patched release.
