Lucene search
MitreCVE-2008-2747HistoryJun 18, 2008 - 7:41 p.m.
CVE-2008-2747
2008-06-1819:41:00
CWE-200
mitre
web.nvd.nist.gov
21
no-ip
duc
windows
registry key
permissions
vulnerability
security
nvd
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
5.9
Confidence
Low
EPSS
0
Percentile
5.1%
No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values.
Affected configurations
Node
microsoftwindows
no-ipdynamic_update_clientMatch2.2.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | windows | * | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* |
| no-ip | dynamic_update_client | 2.2.1 | cpe:2.3:a:no-ip:dynamic_update_client:2.2.1:*:*:*:*:*:*:* |
Related
prion
prion
Default credentials
2008-06-18 19:41:00
nvd
nvd
CVE-2008-2747
2008-06-18 19:41:00
cvelist
cvelist
CVE-2008-2747
2008-06-18 19:00:00
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
5.9
Confidence
Low
EPSS
0
Percentile
5.1%
Related for CVE-2008-2747