Diebold Opti-scan Vote Data Manipulation

2005-05-27T00:24:34
ID OSVDB:17202
Type osvdb
Reporter Harri Hursti(bbvreport@hursti.net)
Modified 2005-05-27T00:24:34

Description

Vulnerability Description

The firmware in the Diebold AccuVote-OS Optical Scan system contains a flaw that may allow a malicious user to manipulate vote data. This flaw occurs because the system does not do integrity checking on the memory card installed. It is possible for a person to remove and replace the memory card with their own, without impacting the system. Such an alternate card could contain modified voting software that could impact the election being recorded.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

The firmware in the Diebold AccuVote-OS Optical Scan system contains a flaw that may allow a malicious user to manipulate vote data. This flaw occurs because the system does not do integrity checking on the memory card installed. It is possible for a person to remove and replace the memory card with their own, without impacting the system. Such an alternate card could contain modified voting software that could impact the election being recorded.

References:

Vendor URL: http://www.diebold.com/dieboldes/accuvote_os.htm Related OSVDB ID: 17203 Other Advisory URL: http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/5921.html Generic Informational URL: http://www.tallahassee.com/mld/tallahassee/news/local/11811936.htm