lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: 31 Aug 2004 20:38:15 -0000
From: "Jérôme" ATHIAS <jerome.athias@...amail.com>
To: bugtraq@...urityfocus.com
Subject: Diebold Global Election Management System (GEMS) Backdoor Account
    Allows Authenticated Users to Modify Votes




Date:  Tue, 31 Aug 2004 00:38:05 -0400
Subject:  http://www.blackboxvoting.org/?q=node/view/78
 
BlackBoxVoting.org reported a vulnerability in the Diebold GEMS central tabulator.
 
A local authenticated user can enter a two-digit code in a certain "hidden" location 
to cause a second set of votes to be created on the system.  This second set of votes 
can be modified by the local user and then read by the voting system as legitimate 
votes, the report said.
 
GEMS 1.18.18, GEMS 1.18.19, and GEMS 1.18.23 are affected.
 
The vendor was reportedly notified on July 8, 2003.

 
Solution:  No vendor solution was available at the time of this entry.
 
Vendor URL:  www.diebold.com/dieboldes/GEMS.htm (Links to External Site)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ