Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password using ENCtool.jar (see CVE-2019-13022). This allows any low-privilege user who can read this file to trivially obtain the passwords for the administrative accounts of the JetSelect application. The path to the file containing the encoded password hash is /opt/JetSelect/SFC/resources/sfc-general-properties.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Bond Technology Management JetSelect 安全漏洞
Vulnerability Description
Bond Technology Management JetSelect是塞浦路斯Bond Technology Management公司的一款用于管理船上IP和网络的应用程序。 Bond Technology Management JetSelect中存在安全漏洞,该漏洞源于管理员密码存储在文件系统上不受保护的文件中。攻击者可利用该漏洞获取JetSelect应用程序管理帐户的密码。
CVSS Information
N/A
Vulnerability Type
N/A