CVE-2019-13021

Name of the Vulnerable Software and Affected Versions: Bond JetSelect versions (affected versions not specified)

Description: The issue concerns the storage of administrative passwords in an unprotected file on the filesystem, rather than being encrypted within the MySQL database. This file is created during the installation script after the administrator generates a password. As a result, any low-privilege user who can read this file can easily obtain the passwords for the administrative accounts of the JetSelect application. The file containing the encoded password hash is located at /opt/JetSelect/SFC/resources/sfc-general-properties.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.