Partial voting systems passwords were exposed on Colorado Department of State's website, Colorado Secretary of State confirms
CBS 4 News
Partial passwords to Colorado's voting systems were recently found to be exposed on the Colorado Department of State's website, the Colorado Secretary of State's office confirmed on Tuesday. The office said this exposure did not pose an immediate threat to the security of the state's elections or pose an impact to the counting of ballots on Election Day.
According to the SOS's press release, "... a spreadsheet located on the Department's website improperly included a hidden tab including partial passwords to certain components of Colorado voting systems."
The Secretary of State says all election equipment components are assigned two unique passwords that are supposed to be kept in separate places and held by different individuals. Those passwords are also supposed to only function when used physically by an authorized person accessing a voting system. Further security measures also dictate voting equipment be stored in secure rooms that require ID badge access.
According to SOS, "The Department took immediate action as soon as it was aware of this, and informed the Cybersecurity and Infrastructure Security Agency, which closely monitors and protects the county's essential security infrastructure. The Department is working to remedy this situation where necessary."
The Colorado Republican party first released information announcing it had received a report that confirmed the voting systems exposure. This was shared on Tuesday morning ahead of confirmation by the Colorado Secretary of State.
"We hear all the time in Colorado from Secretary Griswold and Governor Polis that we represent the 'Gold Standard' for election integrity, a model for the nation," said Dave Williams in a press release, chairman of the Republican Party of Colorado. "One can only hope that by the Secretary of State posting our most sensitive passwords online to the world dispels that myth." Williams said.
"It's shocking really. At best, even if the passwords were outdated, it represents significant incompetence and negligence, and it raises huge questions about password management and other basic security protocols at the highest levels within Griswold's office," Williams continued. This type of security breach could have far-reaching implications, putting the entire Colorado election results for the vast majority of races, including the tabulation for the Presidential race in Colorado, in jeopardy unless all of the machines can meet the standards of a "Trusted Build" before next Tuesday.
CBS Colorado also contacted the Colorado Democratic Party for comment on the partial passwords exposure and was awaiting a response.