[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes
From: "Jérôme" ATHIAS <jerome.athias@xxxxxxxxxxxx>
Date: 31 Aug 2004 20:38:15 -0000

Date:  Tue, 31 Aug 2004 00:38:05 -0400
Subject:  http://www.blackboxvoting.org/?q=node/view/78

BlackBoxVoting.org reported a vulnerability in the Diebold GEMS central 
tabulator.

A local authenticated user can enter a two-digit code in a certain "hidden" 
location 
to cause a second set of votes to be created on the system.  This second set of 
votes 
can be modified by the local user and then read by the voting system as 
legitimate 
votes, the report said.

GEMS 1.18.18, GEMS 1.18.19, and GEMS 1.18.23 are affected.

The vendor was reportedly notified on July 8, 2003.

Solution:  No vendor solution was available at the time of this entry.

Vendor URL:  www.diebold.com/dieboldes/GEMS.htm (Links to External Site)

Prev by Date: [SECURITY] [DSA 543-1] New krb5 packages fix several vulnerabilities
Next by Date: OpenServer 5.0.6 OpenServer 5.0.7 : apache mod_digest Incorrect Client Response Verification Vulnerability
Previous by thread: [SECURITY] [DSA 543-1] New krb5 packages fix several vulnerabilities
Next by thread: RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes
Index(es):
- Date
- Thread