Bugtraq mailing list archives

Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes

From: "Jérôme" ATHIAS <jerome.athias () caramail com>
Date: 31 Aug 2004 20:38:15 -0000

Date:  Tue, 31 Aug 2004 00:38:05 -0400
Subject:  http://www.blackboxvoting.org/?q=node/view/78

BlackBoxVoting.org reported a vulnerability in the Diebold GEMS central tabulator.

A local authenticated user can enter a two-digit code in a certain "hidden" location 
to cause a second set of votes to be created on the system.  This second set of votes 
can be modified by the local user and then read by the voting system as legitimate 
votes, the report said.

GEMS 1.18.18, GEMS 1.18.19, and GEMS 1.18.23 are affected.

The vendor was reportedly notified on July 8, 2003.

Solution:  No vendor solution was available at the time of this entry.

Vendor URL:  www.diebold.com/dieboldes/GEMS.htm (Links to External Site)

Current thread:

Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Jérôme (Aug 31)
- <Possible follow-ups>
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Ryan_Ward (Sep 27)
  - Re: Diebold Global Election Management System (GEMS) Backdoor Account Brian Kirkbride (Sep 29)
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes gandalf (Sep 28)
  - RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Jason T. Miller (Sep 29)
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Bruce Barnett (Sep 29)