Diebold Opti-scan Vote Program Manipulation

2005-05-27T00:24:34
ID OSVDB:17203
Type osvdb
Reporter Harri Hursti(bbvreport@hursti.net)
Modified 2005-05-27T00:24:34

Description

Vulnerability Description

The firmware in the Diebold AccuVote-OS Optical Scan system contains a flaw that may allow a malicious user to manipulate vote data. This flaw occurs because the system does not do integrity checking on the memory card installed. It is possible for a person to remove and replace the memory card with their own, without impacting the system. Such an alternate card could contain modified voting data that would be processed by the system, appearing as legitimate votes.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

The firmware in the Diebold AccuVote-OS Optical Scan system contains a flaw that may allow a malicious user to manipulate vote data. This flaw occurs because the system does not do integrity checking on the memory card installed. It is possible for a person to remove and replace the memory card with their own, without impacting the system. Such an alternate card could contain modified voting data that would be processed by the system, appearing as legitimate votes.

References:

Vendor URL: http://www.diebold.com/dieboldes/accuvote_os.htm Related OSVDB ID: 17202 Other Advisory URL: http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/5921.html Generic Informational URL: http://www.tallahassee.com/mld/tallahassee/news/local/11811936.htm