CVE-2008-2747

Name of the Vulnerable Software and Affected Versions No-IP Dynamic Update Client (DUC) version 2.2.1

Description The issue concerns weak permissions for a specific registry key, allowing local users to access sensitive information. This includes obtaining obfuscated passwords and other data by reading the TrayPassword, Username, Password, and Hosts registry values.

Recommendations For No-IP Dynamic Update Client (DUC) version 2.2.1, consider restricting access to the HKLMSOFTWAREVitalwerksDUC registry key to prevent local users from reading sensitive information. As a temporary workaround, restrict access to the TrayPassword, Username, Password, and Hosts registry values until a patch is available.