Back to search
CVE-2008-2747
Published: Jun 18, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
29758
vdb-entry
x_refsource_BID
30714
third-party-advisory
x_refsource_SECUNIA
3952
third-party-advisory
x_refsource_SREASON
20080616 DUC NO-IP Local Password Information Disclosure Vulnerability
mailing-list
x_refsource_BUGTRAQ
noipduc-duc-info-disclosure(43298)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now