CVE-2008-2747

CVE-2008-2747

EPSS 0.3%

No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://secunia.com/advisories/30714 http://securityreason.com/securityalert/3952 https://exchange.xforce.ibmcloud.com/vulnerabilities/43298 http://www.securityfocus.com/archive/1/493367/100/0/threaded http://www.securityfocus.com/bid/29758