CVE-2008-2747

Published: Jun 18, 2008Modified: Apr 23, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values.

Affected (1)

Products: No Ip: Dynamic Update Client

1 product

Dynamic Update Client

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
No Ip Dynamic Update Client	Version 2.2.1

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://secunia.com/advisories/30714

Source: cve@mitre.org

Vendor Advisory

http://securityreason.com/securityalert/3952

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/493367/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/29758

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/43298

Source: cve@mitre.org

http://secunia.com/advisories/30714

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securityreason.com/securityalert/3952

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/493367/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/29758

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/43298

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.