CVE-2008-2747 Information

Description

No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword (2) Username (3) Password and (4) Hosts registry values.

Reference

http://secunia.com/advisories/30714 http://securityreason.com/securityalert/3952 http://www.securityfocus.com/archive/1/493367/100/0/threaded http://www.securityfocus.com/bid/29758 https://exchange.xforce.ibmcloud.com/vulnerabilities/43298