CVE-2008-2747

No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
no-ipdynamic_update_client
2.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/30714
http://securityreason.com/securityalert/3952
http://www.securityfocus.com/archive/1/493367/100/0/threaded
http://www.securityfocus.com/bid/29758
https://exchange.xforce.ibmcloud.com/vulnerabilities/43298
http://secunia.com/advisories/30714
http://securityreason.com/securityalert/3952
http://www.securityfocus.com/archive/1/493367/100/0/threaded
http://www.securityfocus.com/bid/29758
https://exchange.xforce.ibmcloud.com/vulnerabilities/43298