Vulnonym.org

CVE-2008-2747 - Disposed Wetspot

Description

No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword (2) Username (3) Password and (4) Hosts registry values.

Reference

http://www.securityfocus.com/bid/29758 http://secunia.com/advisories/30714 http://securityreason.com/securityalert/3952 https://exchange.xforce.ibmcloud.com/vulnerabilities/43298 http://www.securityfocus.com/archive/1/493367/100/0/threaded