This does state they found unencrypted password, meaning they were plain text readable. This means if you accessed where that password is stored you would be able to read it in as if you typed it.
They also state they found passwords on a TOR (dark web)site for employees. These are obtained many ways but typically these days people get a phishing email to confirm their password and they do, then people post these to databases on Tor sites.
So at the very least employees have been successfully phished in the past and there are plain text passwords in the systems they scanned.
As an IT professional this calls the whole system’s security into question. The voting system should be treated like a secure DoD network which these types of vulnerabilities are much harder to find. It’s bad news for them.
IT person here.
This does state they found unencrypted password, meaning they were plain text readable. This means if you accessed where that password is stored you would be able to read it in as if you typed it.
They also state they found passwords on a TOR (dark web)site for employees. These are obtained many ways but typically these days people get a phishing email to confirm their password and they do, then people post these to databases on Tor sites.
So at the very least employees have been successfully phished in the past and there are plain text passwords in the systems they scanned.
As an IT professional this calls the whole system’s security into question. The voting system should be treated like a secure DoD network which these types of vulnerabilities are much harder to find. It’s bad news for them.
Thank you!!!