18 matches found
EUVD-2020-29819
Malware in sbrugna...
EUVD-2020-29818
Malware in sbrugna...
CVE-2020-8989
In the Voatz application 2020-01-01 for Android, the amount of data transmitted during a single voter's vote depends on the different lengths of the metadata across the available voting choices, which makes it easier for remote attackers to discover this voter's choice by sniffing the network. Fo...
CVE-2020-8988
The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers after using root access to make a copy of the local database to discover login credentials and voting history via an offline brute-force approach...
A week in security (February 17 – 23)
Last week on Malwarebytes Labs, we highlighted the benefits and concerns of identity-as-a-service IDaaS, an identity management scheme deployed from the cloud; reported on scammers and squatters taking advantage of Rudy Giuliani’s Twitter typos; and gave a high-level overview of RobbinHood, the...
Voatz Internet Voting App Is Insecure
This paper describes the flaws in the Voatz Internet voting app: "The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections." Abstract: In the 2018 midterm elections, West Virginia became the first state in the...
Researchers: Hackers Can Seize Control of Ballots Cast Using the Voatz Voting App
Security researchers have found key flaws in a mobile voting app that some states plan to use in the 2020 election that can allow hackers to launch both client- and server-side attacks that can easily manipulate or even delete someone’s vote, as well as prevent a reliable audit from taking place...
CVE-2020-8988
The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers after using root access to make a copy of the local database to discover login credentials and voting history via an offline brute-force approach...
CVE-2020-8989
In the Voatz application 2020-01-01 for Android, the amount of data transmitted during a single voter's vote depends on the different lengths of the metadata across the available voting choices, which makes it easier for remote attackers to discover this voter's choice by sniffing the network. Fo...
CVE-2020-8989
In the Voatz application 2020-01-01 for Android, the amount of data transmitted during a single voter's vote depends on the different lengths of the metadata across the available voting choices, which makes it easier for remote attackers to discover this voter's choice by sniffing the network. Fo...
CVE-2020-8988
The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers after using root access to make a copy of the local database to discover login credentials and voting history via an offline brute-force approach...
Design/Logic Flaw
The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers after using root access to make a copy of the local database to discover login credentials and voting history via an offline brute-force approach...
Design/Logic Flaw
In the Voatz application 2020-01-01 for Android, the amount of data transmitted during a single voter's vote depends on the different lengths of the metadata across the available voting choices, which makes it easier for remote attackers to discover this voter's choice by sniffing the network. Fo...
CVE-2020-8988
The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers after using root access to make a copy of the local database to discover login credentials and voting history via an offline brute-force approach...
CVE-2020-8988
The CVE-2020-8988 entry concerns the Voatz Android app (2020-01-01). The documented vulnerability is a limited PIN space: only 100 million possible PINs, which enables offline brute-forcing of login credentials and voting history after an attacker gains root access to copy the local database. The...
CVE-2020-8989
The CVE-2020-8989 entry concerns the Voatz Android app (2020-01-01). The vulnerability is that the amount of data transmitted for a voter’s choice correlates with the metadata lengths across voting options, enabling an observer to infer a voter’s choice by sniffing network traffic. The root cause...
CVE-2020-8989
In the Voatz application 2020-01-01 for Android, the amount of data transmitted during a single voter's vote depends on the different lengths of the metadata across the available voting choices, which makes it easier for remote attackers to discover this voter's choice by sniffing the network. Fo...
Voting App Flaws Could Have Let Hackers Manipulate Results
New research from MIT shows that the Voatz app appears to have some glaring security holes...