SQL Server Port 1433 Open to Any Global IP – Direct Database Modification Without Application Layer (CO)

The Dominion EMS SQL Server was configured with firewall rules accepting inbound connections on port 1433 from any IP address worldwide, bypassing the certified application layer entirely. The Mesa County Forensic Team demonstrated this vulnerability empirically: a non-Dominion workstation – and even an iPhone SQL client – could directly query and modify election databases without interacting with the certified Dominion software. This is not a theoretical risk; it is a documented architectural deficiency in the deployed production system.