issues
search
siv-org
/
siv
Secure Internet Voting protocol
https://siv.org
Other
12
stars
9
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
The Frontend & Backend is Open to Supply Chain Attacks
#204
anon-person404
opened
2 months ago
1
Shorten JWT Expiration Time for Improved Session Management
#203
cjackett
opened
2 months ago
2
Explicitly Set JWT Signing Algorithm to Ensure Security
#202
cjackett
opened
2 months ago
1
Avoid Logging JWT Contents to Prevent Sensitive Data Exposure
#201
cjackett
opened
2 months ago
1
HACK SIV — End of Day Report (Fri Aug 9)
#200
arianabuilds
opened
2 months ago
1
Vulnerabilites Found Based on Questions
#199
Gr33nMach1ne
opened
2 months ago
1
No Security.md file for tracking versions within the repo
#198
Gr33nMach1ne
opened
2 months ago
1
Email disinformation
#197
GABuras
opened
2 months ago
1
Verification went to spam
#196
GABuras
opened
2 months ago
3
A more formal threat model is needed & third party software vendors can control the election.
#195
mspecter
opened
2 months ago
0
Move Sensitive Environment Variables to a Secret Management Service
#194
cjackett
opened
2 months ago
1
Unrestricted CORS Policy Vulnerability
#193
cjackett
opened
2 months ago
1
HACK SIV — End of Day 3 Report (Thurs 8/8)
#192
dsernst
opened
2 months ago
1
Vulnerability to BGP Attacks?
#191
dsernst
opened
2 months ago
1
Docs: coercion resistance vs receipt-freeness
#190
dsernst
opened
2 months ago
1
Concern: If SIV adopted, jurisdictions may be too tempted to stop offering other voting options, effectively forcing digital voting on people
#189
dsernst
opened
2 months ago
0
Concern: Too much high-tech ("what's this cryptography mumbo jumbo?") for voters to understand & trust
#188
dsernst
opened
2 months ago
0
Link Auth votes aren't being emailed encrypted ballot submissions
#186
dsernst
opened
2 months ago
1
Admin ballot creator UI doesn't document `name` vs `value` scheme advanced option
#185
dsernst
opened
2 months ago
0
Score Vote ballot encodes both value & name fields, instead of just one
#184
dsernst
opened
2 months ago
0
Annoying to not be able to rename elections
#183
dsernst
opened
2 months ago
0
HACK SIV — Mock Election Now Live
#182
dsernst
closed
1 month ago
0
Vote for this vulnerability, and I will send you 1$.
#181
mspecter
opened
2 months ago
3
HACK SIV — Wed Aug 7th — End Of Day Report
#180
arianabuilds
opened
2 months ago
1
HACK SIV — Tue Aug 6th — Launch Day — End of Day Report
#179
arianabuilds
opened
2 months ago
0
Weak RNG in Auth Token Generation
#178
cjackett
closed
2 months ago
9
Lack of Input Validation and Sanitization in Admin Login Endpoint
#177
cjackett
closed
2 months ago
11
FAQ updates
#176
arianabuilds
closed
3 months ago
1
Improve Local Setup Documentation
#175
cjackett
closed
2 months ago
3
Lack of firestore type / schema safety
#174
dsernst
opened
3 months ago
0
db.voters could be more clearly named
#173
dsernst
opened
3 months ago
1
Unnecessary for db.votes to be separate from db.voters
#172
dsernst
opened
3 months ago
1
Voters in db currently indexed by email, not auth token
#171
dsernst
opened
3 months ago
3
Only a single RCV write-in currently possible
#170
dsernst
opened
3 months ago
0
Score Voting UI not width-efficient on small screens
#169
dsernst
opened
3 months ago
0
Big shuffle proofs can exceed firebase doc size limit
#168
dsernst
opened
3 months ago
1
Poor performance of multi-party post-election decryption for 3000+ selections
#167
dsernst
opened
3 months ago
1
Denial of Service attacks to Disenfranchise Voters
#164
dsernst
opened
3 months ago
2
Voter can't 100% verify their vote is securely cast until after election closes
#166
dsernst
opened
3 months ago
0
Hard for multi-party keyholders to verify trustee webapp isn't cheating
#161
arianabuilds
opened
3 months ago
0
Election admin can make up fake voters
#165
arianabuilds
opened
3 months ago
3
Brute forcing voter auth tokens
#160
arianabuilds
opened
3 months ago
2
Vote page does not warn voters about risks of spyware on their device
#162
arianabuilds
opened
3 months ago
4
Properly configured email DNS tags?
#163
arianabuilds
opened
3 months ago
2
Store cryptographic bytes in db as bytes, not strings
#158
dsernst
opened
3 months ago
1
Make link_auth derived from hash of encrypted vote, for stronger auth commitments
#157
dsernst
opened
3 months ago
0
QR Code improvements
#156
dsernst
opened
3 months ago
0
Ability to disable shuffle proofs during trustee decryption
#155
dsernst
closed
2 months ago
2
vote: Sort RCV write-in in real time too
#154
dsernst
closed
3 months ago
1
Randomize Candidate Order
#153
dsernst
opened
3 months ago
2
Previous
Next