One Article Review

The article:
Source Blog Reversemode
Identifier 8654604
Publication date 2023-02-14 12:57:29 (viewed: 2025-03-07 20:12:10)
Title Finding vulnerabilities in Swiss Post's future e-voting system - Part 2
Text Earlier this year I published Part I of this series of blog posts on vulnerabilities in Swiss Post's future e-voting system. That publication comprehensively explains the context, methodology and attack surface for the Swiss Post e-voting system, so it is highly recommended to go through it before reading this post, if you're really interested in getting the whole picture. This second round of bugs (reported during December '21 and January '22) includes multiple cryptographic vulnerabilities and a deserialization issue. For me, the most interesting issue is '#YWH-PGM2323-65', not only because it would have prevented ballot boxes from being decrypted during the tally phase, but also due to the potential design weaknesses that I'm coming across as a result of its analysis. Let's briefly discuss the reported issues before going into detail:
ID | Title | Reward (€) | Attack Surface Areas* | CVSS
#YWH-PGM2323-53 | Multiple unchecked length values during SafeStreamDeserialization may crash Control Components | 3500 | 3 & 4
Rating ★★★
Sent Yes
Tags Ransomware Vulnerability
Stories
Move


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.