OSVDB ID: 58091

Title: Diebold Global Election Management System (GEMS) Server Unspecified Backdoor Account

Info

Disclosure

Jul 27, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

By default, GEMS Server installs an undocumented remotely accessible account with no password. This allows attackers to trivially access the program or system.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Integrity
Solution: Change Default Setting
OSVDB: Backdoor

Solution

Immediately after installation, change (create a) password to a unique and secure password for the undocumented account.

Products

Premier Election Solutions (Diebold)

GEMS Server

1.18.24

References

Related OSVDB ID: 58092 58093 58094 58096 58097 58098
Other Advisory URL: http://www.sos.ca.gov/elections/elections_vsr.htm
http://www.sos.ca.gov/elections/voting_systems/ttbr/red_diebold.pdf

Credit

University of California -

Direct URL: http://osvdb.org/58091