Local Information Disclosure Vulnerability in No-IP Dynamic Update Client on Windows
CVE-2008-2747

Currently unrated

Key Information:

Vendor: No-ip
Status: Dynamic Update Client
Vendor: CVE Published:; 18 June 2008

What is CVE-2008-2747?

The No-IP Dynamic Update Client (DUC) version 2.2.1 for Windows has a flaw in its handling of registry permissions. By exploiting this weakness, local users can read sensitive data including usernames and obfuscated passwords stored in the registry at HKLM\SOFTWARE\Vitalwerks\DUC. This vulnerability underscores the importance of securing registry keys to prevent unauthorized access to potentially sensitive information.

References

http://www.securityfocus.com/bid/29758

vdb-entryx_refsource_BID

http://secunia.com/advisories/30714

third-party-advisoryx_refsource_SECUNIA

http://securityreason.com/securityalert/3952

third-party-advisoryx_refsource_SREASON

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2008
Vulnerability Reserved
Jun 18, 2008

No-ip

What is CVE-2008-2747?

References

Timeline