Diebold Global Election Management System (GEMS) Backdoor Account Vote Modification

2004-08-31T00:00:00
ID OSVDB:9434
Type osvdb
Reporter OSVDB
Modified 2004-08-31T00:00:00

Description

Vulnerability Description

Diebold Global Election Management System (GEMS) contains a flaw that may allow a malicious user to manipulate arbitrary votes totals. The issue is triggered when entering a 2-digit code in a hidden location. It is possible that the flaw may allow the creation of a second set of votes, which causes the vote system to read the totals from the manipulated set resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Diebold Global Election Management System (GEMS) contains a flaw that may allow a malicious user to manipulate arbitrary votes totals. The issue is triggered when entering a 2-digit code in a hidden location. It is possible that the flaw may allow the creation of a second set of votes, which causes the vote system to read the totals from the manipulated set resulting in a loss of integrity.

References:

Vendor URL: http://www.diebold.com/dieboldes/GEMS.htm Security Tracker: 1011098 Other Advisory URL: http://www.blackboxvoting.org/?q=node/view/78 Other Advisory URL: http://www.us-cert.gov/cas/bulletins/SB04-252.html#diebold Mail List Post: http://www.interesting-people.org/archives/interesting-people/200408/msg00355.html ISS X-Force ID: 17177 Bugtraq ID: 11076