The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a devi ...
Continue Reading
June 24, 2022
The tested version of Dominion Voting Systems ImageCast Xs on-screen application hash display feature, audit log export, and application export functionality rely on self-attestation mechanisms. An ...
Continue Reading
June 24, 2022
The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious c ...
Continue Reading
June 24, 2022
The tested version of Dominion Voting Systems ImageCast X allows for rebooting into Android Safe Mode, which allows an attacker to directly access the operating system. An attacker could leverage this ...
Continue Reading
June 24, 2022
The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election informa ...
Continue Reading
June 24, 2022
Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH.Read More ...
Continue Reading
June 24, 2022
The default password for the web applications root user (the vendors private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool.Read More ...
Continue Reading
June 24, 2022
LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials.Read More ...
Continue Reading
June 24, 2022
Back to Main
