Software Engineering Institute

Huawei Security Advisory Huawei-SA-20120827-01-CX600 states:

In multiple Huawei products, DES encryption algorithm is used for password and the encryption is not strong enough so it may be cracked (HWNSIRT-2012-0820).

This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2012-4960.

Temporary fix for this vulnerability is available. Huawei has made the version plan to resolve this vulnerability.

An attacker with access to the Huawei networking equipment encryption file may be able to crack the DES encryption algorithm to recover the system password.

Apply Update

Users are advised to read Huawei Security Advisory Huawei-SA-20120827-01-CX600 for fix information and apply updates as recommened.

Huawei Security Advisory Huawei-SA-20120827-01-CX600 states the following temporary fixes:

1. Enhance the remote login management to the equipment and only allow login within the operator’s management network.

2. Strictly manage the accounts privilege.

3. Change the password regularly.