Vulnerability Note VU#948096
Huawei networking equipment weak password cipher
Huawei networking equipment use a DES encryption algorithm for password and encryption. DES is publicly known to be easily cracked.
Huawei Security Advisory Huawei-SA-20120827-01-CX600 states:
In multiple Huawei products, DES encryption algorithm is used for password and the encryption is not strong enough so it may be cracked (HWNSIRT-2012-0820).
An attacker with access to the Huawei networking equipment encryption file may be able to crack the DES encryption algorithm to recover the system password.
Huawei Security Advisory Huawei-SA-20120827-01-CX600 states the following temporary fixes:
1. Enhance the remote login management to the equipment and only allow login within the operator’s management network.
2. Strictly manage the accounts privilege.
3. Change the password regularly.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Huawei Technologies||Affected||-||31 Jul 2013|
CVSS Metrics (Learn More)
Thanks to Kurt Grutzmacher for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2012-4960
- Date Public: 17 Dec 2012
- Date First Published: 05 Aug 2013
- Date Last Updated: 03 Oct 2013
- Document Revision: 13
If you have feedback, comments, or additional information about this vulnerability, please send us email.