CVE-2008-2747

Sažetak

No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values.

Reference

http://secunia.com/advisories/30714
http://securityreason.com/securityalert/3952
http://www.securityfocus.com/archive/1/493367/100/0/threaded
http://www.securityfocus.com/bid/29758
https://exchange.xforce.ibmcloud.com/vulnerabilities/43298

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

11-10-2018 - 20:42

Objavljeno

18-06-2008 - 19:41