Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2747

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2008-2747
Last Modified 29 Jan 2009 01:51:07
Published 18 Jun 2008 03:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-2747

Summary

No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values.

Vulnerable Systems

Application

  • No-ip Dynamic Update Client 2.2.1


References

XF - noipduc-duc-info-disclosure(43298)

BID - 29758

BUGTRAQ - 20080616 DUC NO-IP Local Password Information Disclosure Vulnerability

SREASON - 3952

SECUNIA - 30714


Last Updated: 27 May 2016 10:47:58