Vulnerability Description
No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows | All versions |
| No-Ip | Dynamic Update Client | 2.2.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30714Vendor Advisory
- http://securityreason.com/securityalert/3952
- http://www.securityfocus.com/archive/1/493367/100/0/threaded
- http://www.securityfocus.com/bid/29758
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43298
- http://secunia.com/advisories/30714Vendor Advisory
- http://securityreason.com/securityalert/3952
- http://www.securityfocus.com/archive/1/493367/100/0/threaded
- http://www.securityfocus.com/bid/29758
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43298
FAQ
What is CVE-2008-2747?
CVE-2008-2747 is a vulnerability with a CVSS score of 2.1 (LOW). No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive ...
How severe is CVE-2008-2747?
CVE-2008-2747 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2747?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows, No-Ip Dynamic Update Client.