On this page you will find a description of all confirmed findings, the severity of which Swiss Post classifies as high or critical after an in-depth technical analysis. The details are updated on a regular basis.
You can find an overview of the findings on the website of our community programme.
Confirmed findings with high and critical severity
Swiss Post permanently and fully discloses its future e-voting system. Experts can analyze the documents and test the source code. As part of the bug bounty program, Swiss Post pays rewards for confirmed vulnerabilities. These are cyber security and international best practice measures to keep security at the highest possible level. The aim of these measures is to find and eliminate possible points of attack in the system at an early stage on the basis of the reported findings.
All information, including questions, comments and findings, is published on the GitLab specialist platform.
Below you will find a regularly updated description of all confirmed findings, the severity of which Swiss Post classifies as high or critical after a detailed technical analysis.
The findings are listed chronologically after their publication time on GitLab.
Issue #YWH-PGM2323-190 : Concurrent command execution isolation broken
Date: August 2023
Reported by: Florian Moser
Severity: high
Reward paid: € 10,000
Description: The described fault reveals a vulnerability in one of the mechanisms (exactly once processing) that ensure cryptographic commands cannot be issued twice in components distributed in a decentralized manner. Depending on the scenario, double execution of a cryptographic command could compromise the validity of the choice return codes, the correctness of the result or the secrecy of the vote. In analysing the finding, Swiss Post has demonstrated that additional security mechanisms in the Hibernate framework used and in the database prevent such attacks, so it is not possible to exploit the finding. The specified mechanisms ensure that the commands already issued are stored, meaning that duplicate execution of the command is detected and rejected. Nevertheless, Swiss Post is correcting the exactly once processing mechanism as an additional security element.
Status and solution: The finding has already been resolved and the solution implemented in the latest release (Concurrent command execution isolation broken (#9) · Tickets · swisspost-evoting / E-voting / E-voting · GitLab)
Issue #5 (e-voting) SDM - Insecure USB file handling during 'importOperation'
Date: September 2021
Reported by: Ruben Santamarta
Severity: high
Reward paid: € 15,000
Description: The error described indicates that an attack on an offline entity of the Secure Data Manager (SDM) is possible if malware were to be saved on an encrypted data carrier used for the physical transport of data between online and offline computers. The canton uses the SDM program to set up the electronic contest before every election or vote. The program runs on several offline computers and one online computer within the canton’s infrastructure. By exploiting this error, an attacker could jeopardize the correct configuration of the electronic contest via an offline computer.
An attack could be carried out at the point when the imported data are validated and could be facilitated by the current lack of restriction on which data can be imported into the SDM directory.
Status and resolution: SDM - Insecure USB file handling during 'importOperation'
Issue #1 (e-voting) Insufficient Signature Validation of the Election Public Key resulting in possible attacks against individual verifiability
Date: October 2021
Reporting: Analysis of the Confederation’s independent experts (reported by: V. Teague, O. Pereira and Th. Haines), on the basis of which Swiss Post’s e-voting team discovered the error
Severity: high
Reward paid: Reported as part of the independent examination commissioned by the Confederation, no reward in the bug bounty programme
Description: The error would an attacker who has gained control over the voting client, the voting server and a control component, to endanger individual verifiability. The attacker could falsify a public key, a cryptographic component used to securely transmit a message to the voter unaltered, and get the other control components to accept it anyway. The voter themselves would not be able to determine that their vote was invalidated, i.e. individual verifiability would not be ensured. However, the attack would be discovered when the canton checked the votes.
Status and solution: Insufficient signature validation of the election public key resulting in possible attacks against individual verifiability
Issue #11 (e-voting documentation) Risk of privacy breach due to the CCMs not checking the ZKP before mix-decrypting
Date: June 2021
Reported by: Pierrick Gaudry, Véronique Cortier, Alexandre Debant
Severity: high
Reward paid: € 40,000
Description: If an attacker could control parts of Swiss Post’s server infrastructure and the last offline control component operated by the canton, it would be possible for them to exploit the error in order to break the voting secrecy of multiple votes. The control components do not currently check whether a ballot box belongs to a particular voting procedure. Nor do they check whether the votes in a ballot box have already been mixed and decrypted.
Status and solution: Risk of privacy breach due to the CCMs not checking the ZKP before mix-decrypting
Issue #2 (e-voting documentation) The algorithm GenCMTable allows an adversary to recover the election event's set of possible short return codes
Date: February 2021
Reported by: Thomas Haines
Severity: high
Reward paid: € 7,500
Description: An attacker who manages to break into the e-voting infrastructure can, by exploiting the described error, could obtain information that could help them guess choice return codes and the confirmation code. They could use this to indicate the correct registration of the vote to the voter while still recording the incorrect vote in the background.
Status and solution: The algorithm GenCMTable allows an adversary to recover the election event’s set of possible short return codes