CVE-2019-13022
Description
Bond JetSelect (all versions) has an issue in the Java class (ENCtool.jar) and corresponding password generation algorithm (used to set initial passwords upon first installation). It XORs the plaintext into the 'encrypted' password that is then stored within the database. These steps can be trivially reversed, allowing for escalation of privilege within the JetSelect application through obtaining the passwords of JetSelect administrators. JetSelect administrators have the ability to modify and delete all networking configuration across a vessel, as well as altering network configuration of all managed network devices (switches, routers).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Bond JetSelect uses a trivially reversible XOR-based password encryption, allowing low-privileged users to recover administrator passwords and gain full network control.
Vulnerability
The vulnerability resides in the password generation algorithm implemented in the Java class ENCtool.jar within Bond JetSelect (all versions). Upon first installation, the application XORs the plaintext password with a static key to produce an "encrypted" password stored in the database. This XOR operation is symmetric and easily reversible, as the encryption key is embedded in the application. The algorithm provides no cryptographic security, allowing anyone with access to the encrypted password to recover the plaintext.
Exploitation
An attacker with low-privileged access to the system (e.g., a user who can read the database or the configuration files) can retrieve the stored encrypted password. Since the XOR key is known (embedded in the application), the attacker can trivially reverse the encryption to obtain the plaintext password. No authentication or special privileges are required beyond the ability to access the stored encrypted value. The reference [1] notes that the installation script also writes a backup of password hashes to a .bak file accessible to low-privileged users, which combined with this vulnerability enables full recovery.
Impact
Successful exploitation allows an attacker to obtain the plaintext password of a JetSelect administrator. JetSelect administrators have the ability to modify and delete all networking configuration across a vessel, as well as alter the network configuration of all managed network devices (switches, routers). This results in a complete compromise of network segregation and control, potentially leading to denial of service, unauthorized access, or reconfiguration of critical maritime network infrastructure.
Mitigation
The vendor, JetStream, has published patches for this vulnerability as noted in the advisory [1]. Users should update to the latest version of Bond JetSelect that addresses the weak encryption algorithm. No workaround is available; the fix involves replacing the XOR-based encryption with a cryptographically secure password hashing mechanism. If patching is not immediately possible, restrict access to the database and configuration files to only trusted administrators.
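To make the weakness described above and the fix called for in the mitigation concrete, here is an added Python example (not ENCtool.jar's own code, whose actual key and storage format are not given on this page): a constructed stand-in for a static-key XOR scheme, showing that applying it twice returns the plaintext, beside a salted, iterated password hash (PBKDF2-HMAC-SHA256) of the kind a secure replacement would use. The key value and the `pbkdf2_sha256$...` record layout are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed stand-in for the weak scheme: one static key XORed over the
# plaintext. The key value is an assumption for illustration, not ENCtool's.
STATIC_KEY = b"example-static-key"

def xor_with_static_key(data: bytes, key: bytes = STATIC_KEY) -> bytes:
    """Weak 'encryption': each byte XORed with the repeating static key.

    XOR is its own inverse, so feeding the stored value back through this
    function yields the plaintext. Anyone holding the key (shipped inside the
    application) and the stored value recovers the password.
    """
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def is_reversible_to_plaintext(password: bytes) -> bool:
    """Demonstrates the defect: encrypt(encrypt(p)) == p, so no one-way property."""
    stored = xor_with_static_key(password)
    return xor_with_static_key(stored) == password

# Hardened replacement: a per-user random salt and an iterated hash. The stored
# record carries algorithm, iteration count and salt so verification is self-describing.
PBKDF2_ITERATIONS = 600_000

def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt_hex>$<hash_hex>' for storage."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iters, salt_hex, hash_hex = parts
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), hash_hex)
```

Unlike the XOR record, the hashed record cannot be turned back into the password by anyone who reads the database, and the random salt means two users with the same password store different values.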
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Bond/JetSelect
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.