Cleartext Credential Exposure in No-IP Dynamic Update Client v3.x
CVE-2024-40457

Currently unrated

Key Information:

Vendor: No-IP
Status: Dynamic Update Client (DUC)
Vendor: CVE Published:; 12 September 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-40457?

The No-IP Dynamic Update Client (DUC) v3.x version stores cleartext credentials, potentially exposing sensitive information through command line usage or within configuration files. Despite security concerns, the vendor maintains that this cleartext usage in the specified file is intentional, raising implications for users regarding the management and protection of their credentials.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-40457-PoC
Created by jeppojeps

References

https://www.noip.com/support/knowledgebase/install-linux-...

https://www.noip.com/support/knowledgebase/running-linux-...

Timeline

🟡
Public PoC available
Oct 31, 2024
👾
Exploit known to exist
Oct 31, 2024
Vulnerability published
Sep 12, 2024
Vulnerability Reserved
Jul 5, 2024

JSON

No-IP