[App_rpt-users] Voter Remote Console - Authentication Bypass Bug

Jim Duuuude telesistant at hotmail.com
Tue Jan 12 17:48:35 UTC 2016


Thanks Bryan. I am already communicating with him privately.

Jim
________________________________________
From: app_rpt-users-bounces at ohnosec.org <app_rpt-users-bounces at ohnosec.org> on behalf of Bryan Fields <Bryan at bryanfields.net>
Sent: Tuesday, January 12, 2016 9:47 AM
To: app_rpt-users at ohnosec.org
Subject: Re: [App_rpt-users] Voter Remote Console - Authentication Bypass Bug

On 1/12/16 11:30 AM, Travis Giedratis wrote:
> In the interest of full disclosure, this is final notification regarding an
> authentication bypass bug for the VOTER Remote Console running on the
> telnet service..
>
> The specific method of authentication bypass along with other specific data
> has been scrubbed:

That's not full disclosure :)
Post it, this is very interesting.  I want to test this against RTCM units
which are evolved from the voter.

I'd hope most of these devices are behind firewalls or on VPN's.  The voters
are not Linux or another OS, it's a 16 bit microprocessor running embedded code.

Actually I may have one on the internet unprotected, need to check the router.

Thanks and 73's

--
Bryan Fields

727-409-1194 - Voice
727-214-2508 - Fax
http://bryanfields.net
_______________________________________________
App_rpt-users mailing list
App_rpt-users at ohnosec.org
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users

To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.



More information about the App_rpt-users mailing list