The authentication mechanism used by voters to activate a voting session on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker could leverage this vulnera ...
Continue Reading
June 24, 2022
The authentication mechanism used by technicians on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker with physical access may use this to gain administr ...
Continue Reading
June 24, 2022
The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election informa ...
Continue Reading
June 24, 2022
Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH.Read More ...
Continue Reading
June 24, 2022
The default password for the web applications root user (the vendors private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool.Read More ...
Continue Reading
June 24, 2022
LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials.Read More ...
Continue Reading
June 24, 2022
Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., from the browser console) or by loading the corresponding, browser accessible PHP scriptRead ...
Continue Reading
June 24, 2022
LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data.Read More ...
Continue Reading
June 24, 2022
Back to Main
