Описание
No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
cpe:2.3:a:no-ip:dynamic_update_client:2.2.1:*:*:*:*:*:*:*
EPSS
Процентиль: 16%
0.00053
Низкий
2.1 Low
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
почти 4 года назад
No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values.
EPSS
Процентиль: 16%
0.00053
Низкий
2.1 Low
CVSS2
Дефекты
CWE-200