Vulnerability Details CVE-2008-2747
No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.2%
CVSS Severity
CVSS v2 Score 2.1
References
- http://secunia.com/advisories/30714
- http://securityreason.com/securityalert/3952
- http://www.securityfocus.com/archive/1/493367/100/0/threaded
- http://www.securityfocus.com/bid/29758
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43298
- http://secunia.com/advisories/30714
- http://securityreason.com/securityalert/3952
- http://www.securityfocus.com/archive/1/493367/100/0/threaded
- http://www.securityfocus.com/bid/29758
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43298
Products affected by CVE-2008-2747
-
cpe:2.3:a:no-ip:dynamic_update_client:2.2.1
-
cpe:2.3:o:microsoft:windows:-
-
cpe:2.3:o:microsoft:windows:1.0
-
cpe:2.3:o:microsoft:windows:2.0
-
cpe:2.3:o:microsoft:windows:2000
-
cpe:2.3:o:microsoft:windows:3.0
-
cpe:2.3:o:microsoft:windows:3.1
-
cpe:2.3:o:microsoft:windows:3.11
-
cpe:2.3:o:microsoft:windows:server_2008
-
cpe:2.3:o:microsoft:windows:vista