CVE-2008-2747

medium

Description

No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/43298

http://www.securityfocus.com/bid/29758

http://www.securityfocus.com/archive/1/493367/100/0/threaded

http://securityreason.com/securityalert/3952

http://secunia.com/advisories/30714

Details

Source: Mitre, NVD

Published: 2008-06-18

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00053