No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values.
References
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2008-06-18 19:41
Updated : 2024-02-28 11:21
NVD link : CVE-2008-2747
Mitre link : CVE-2008-2747
CVE.ORG link : CVE-2008-2747
JSON object : View
Products Affected
microsoft
- windows
no-ip
- dynamic_update_client
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor