CVE-2008-2747

No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
cpe:2.3:a:no-ip:dynamic_update_client:2.2.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-06-18 19:41

Updated : 2024-02-28 11:21


NVD link : CVE-2008-2747

Mitre link : CVE-2008-2747

CVE.ORG link : CVE-2008-2747


JSON object : View

Products Affected

microsoft

  • windows

no-ip

  • dynamic_update_client
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor