CVE-2019-13023
MEDIUMJetSelect - Insufficiently Protected Credentials via HTML Password Field Obfuscation
Title source: llmDescription
An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://labs.nettitude.com/blog/cve-2019-13021-22-23-jetselect-network-segregation-application/
Scores
CVSS v3
6.5
EPSS
0.0083
EPSS Percentile
52.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
CWE-522
Status
published
Products (1)
jetstream/jetselect
Published
May 14, 2020
Tracked Since
Feb 18, 2026