<html><head></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div>
<div>In the interest of full disclosure, this is final notification regarding an authentication bypass bug for the VOTER Remote Console running on the telnet service..</div>
<div> </div>
<div>The specific method of authentication bypass along with other specific data has been scrubbed:</div>
<div> </div>
<div>root@pentest:~# telnet XX.XX.XX.XX<br/>
Trying XX.XX.XX.XX...<br/>
Connected to XX.XX.XX.XX.<br/>
Escape character is '^]'.</div>
<div><br/>
VOTER System Serial # XXXX Remote Console Access</div>
<div>Login: *<redacted>*</div>
<div>Logged in successfully, now joining console session...</div>
<div>Select the following values to View/Modify:</div>
<div>1 - Serial # (XXXX) (which is MAC ADDR 00:XX:XX:XX:XX:XX)<br/>
2 - VOTER Server Address (FQDN) (XX.XX.XX.XX)<br/>
3 - VOTER Server Port (667), 4 - Local Port (Override) (0)<br/>
5 - Client Password (XXXX), 6 - Host Password (XXXX)<br/>
7 - Tx Buffer Length (3000)<br/>
8 - GPS Data Protocol (0=NMEA, 1=TSIP) (1)<br/>
9 - GPS Serial Polarity (0=Non-Inverted, 1=Inverted) (0)<br/>
10 - GPS PPS Polarity (0=Non-Inverted, 1=Inverted, 2=NONE) (0)<br/>
11 - GPS Baud Rate (9600)<br/>
12 - External CTCSS (0=Ignore, 1=Non-Inverted, 2=Inverted) (1)<br/>
13 - COR Type (0=Normal, 1=IGNORE COR, 2=No Receiver) (0)<br/>
14 - Debug Level (10)<br/>
15 - Alt. VOTER Server Address (FQDN) ()<br/>
16 - Alt. VOTER Server Port (Override) (0)<br/>
17 - DSP/BEW Mode NOT SUPPORTED<br/>
18 - "Duplex Mode 3" (0=DISABLED, 1-255 Hang Time) (1/10 secs) (0)<br/>
19 - Simulcast Launch Delay (0) (approx 200 ns, 5 = 1us, > 0 to ENA SC)<br/>
97 - RX Level, 98 - Status, 99 - Save Values to EEPROM<br/>
i - IP Parameters menu, o - Offline Mode Parameters menu<br/>
q - Disconnect Remote Console Session, r - reboot system, d - diagnostics</div>
<div>Enter Selection (1-27,97-99,r,q,d) :</div>
<div>__</div>
<div> </div>
<div>Isn't this 2016? Why are we still using the telnet service? Any interest in patching this?</div>
<div> </div>
<div>Travis Giedratis</div>
<div>tgiedratis@gmx.com</div>
</div></div></body></html>