VYPR

Dynamic Update Client

by No IP

CVEs (2)

  • CVE-2024-40457CriSep 12, 2024
    risk 0.59cvss 9.1epss 0.01

    No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that may occur on a command line or in a file. NOTE: the vendor's position is that cleartext in /etc/default/noip-duc is recommended and is the intentional behavior.

  • CVE-2008-2747Jun 18, 2008
    risk 0.00cvss epss 0.00

    No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and…