No Ip · No-Ip Dynamic Update Client · CVE-2024-40457
**Name of the Vulnerable Software and Affected Versions**
No-IP Dynamic Update Client (DUC) versions 3.x
**Description**
The No-IP Dynamic Update Client (DUC) v3.x handles credentials in cleartext: they may appear on a command line or in a file. The vendor's position is that cleartext in /etc/default/noip-duc is recommended and is the intentional behavior.
**Recommendations**
For No-IP Dynamic Update Client (DUC) versions 3.x, consider restricting access to the /etc/default/noip-duc file to minimize the risk of exploitation. As a temporary workaround, avoid using cleartext credentials in command lines or files until a more secure method is implemented. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
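One way to check and apply the file-access restriction recommended above, as an added example that is not part of the original advisory or the vendor's tooling. Assumptions: the file should be owned by root with owner-only permissions (mode 0600 or stricter), GNU `stat` is available, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit and tighten access to the DUC credential file.
# Assumption: only the owning account (root by default) needs to read it.

CRED_FILE="${CRED_FILE:-/etc/default/noip-duc}"   # path named in the advisory

# audit_credfile FILE [EXPECTED_UID]
# Returns 0 when FILE is a regular file (not a symlink) owned by EXPECTED_UID
# (default 0, root) with no group/other permission bits; otherwise returns 1.
audit_credfile() {
    file=$1
    want_uid=${2:-0}
    rc=0
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is missing, a symlink, or not a regular file"
        return 1
    fi
    mode=$(stat -c '%a' "$file")    # octal mode such as 644 (GNU stat)
    uid=$(stat -c '%u' "$file")
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $file is owned by uid $uid, expected $want_uid"
        rc=1
    fi
    # Any bit in the group or other digits lets other accounts reach the file.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $file mode $mode grants group/other access"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $file mode $mode uid $uid"
    fi
    return "$rc"
}

# harden_credfile FILE: owner read/write only; take root ownership if possible.
harden_credfile() {
    chmod 600 "$1" || return 1
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root "$1" || return 1
    fi
}

# Stand-alone use: sh script.sh --audit   or   sh script.sh --harden
case "${1:-}" in
    --audit)  audit_credfile "$CRED_FILE" ;;
    --harden) harden_credfile "$CRED_FILE" && audit_credfile "$CRED_FILE" ;;
esac
```

This limits who can read the file; the credentials inside it remain cleartext, so backups and configuration management that copy the file need the same restriction.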