Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Bond JetSelect (all versions) has an issue in the Java class (ENCtool.jar) and corresponding password generation algorithm (used to set initial passwords upon first installation). It XORs the plaintext into the 'encrypted' password that is then stored within the database. These steps are able to be trivially reversed, allowing for escalation of privilege within the JetSelect application through obtaining the passwords of JetSelect administrators. JetSelect administrators have the ability to modify and delete all networking configuration across a vessel, as well as altering network configuration of all managed network devices (switches, routers).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Bond Technology Management JetSelect 安全漏洞
Vulnerability Description
Bond Technology Management JetSelect是塞浦路斯Bond Technology Management公司的一款用于管理船上IP和网络的应用程序。 Bond Technology Management JetSelect中的Java类(ENCtool.jar)和相应的密码生成算法(用于在首次安装时设置初始密码)存在安全漏洞。攻击者可利用该漏洞获取JetSelect管理员的密码,从而能够修改和删除容器中的所有网络配置。
CVSS Information
N/A
Vulnerability Type
N/A