Security Advisory - Risk of Password Being Cracked Due to DES Encryption Algorithm

SA No: Huawei-SA-20120827-01-CX600
Release Date: 12th December, 2012

Summary

In multiple Huawei products, the DES encryption algorithm is used to protect passwords. This encryption is not strong enough, so the passwords may be cracked (HWNSIRT-2012-0820). This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2012-4960. A temporary fix for this vulnerability is available. Huawei has made a version plan to resolve this vulnerability.

Affected Products

1. Involved versions:

Affected product    Affected version
V300R007 NE5000E V800R002 MA5200G V200R003 V300R003 V300R003 NE40E/80E V600R001 V600R002 V600R003(excluding V600R003C00SPCA00) ATN V200R001C00, V200R001C01 NE40/NE80 V300R005 NE20E-X6 V600R003 NE20 V200R005 ME60 V100R005 V100R006 V600R002 V600R003 V600R005C00SPC600 CX600 CX200/CX300 V200R002 V600R001 V600R002 V600R003 (excluding V600R003C00SPCA00) V100R005 V100R003C01SPC100 ACU V200R001C00SPC100 V200R001C00 WLAN AC 6605 S9300 V200R001C00 V200R001C00SPC100 V100R001 V100R002 V100R003 V100R006 S7700 V100R003 V100R006 S2300/S3300/S5300 V100R002 V100R003 S2300/S3300/S5300/S2700/S3700/S5700 V100R005 S2300/S3300/S5300/S3300HI/S5300HI/S5306/S6300/S2700/S3700/S5700/S6700 V100R006 S3300HI/S5300HI/S5306/S6300/S3700/S5700/S6700 V200R001 V200R001C00 AR G3 V200R001C01 V200R002C00SPC200 H3C AR(OEM IN) AR x9 series R2209 and earlier versions AR 19/29/49 R2207 and earlier versions Eudemon100E V200R007 Eudemon200 V200R001 Eudemon300&500&1000 Eudemon1000E-U/USG5300 Eudemon1000E-X/USG5500 Eudemon8080E&8160E/USG9300 Eudemon8000E-X/USG9500 E200E-C&X3&X5&X7/USG2200&5100 E200E-B&X1&X2/USG2100 SVN5300 SVN2000&5000 series V200R006C02 and earlier versions V200R001 and earlier versions V200R002 and earlier versions V100R003C00 and earlier versions V200R001C00SPC600 and earlier versions V200R003C00 and earlier versions V100R005C01 and earlier versions V100R001C01B019
V200R001C00 SVN3000 V100R002C02SPC802B041 NIP100/200/1000 V100R001 NIP2100&2200&5100 V100R001C00

Impact

1. If attackers acquire the encryption file, they may crack the DES encryption algorithm to get the password.

Vulnerability Scoring Details

The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).

Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Temporal Score: 5.6 (E:F/RL:T/RC:C)

Technique Details

Prerequisite: The attacker can log in to the device and has the privilege to get the configuration with encrypted passwords.
Procedures: The attacker acquires the user password stored in encrypted form and cracks the DES encryption algorithm to get the password in clear text.
Impact: The attacker acquires the password.

Temporary Fix

1. Enhance remote login management for the equipment and only allow login from within the operator's management network.
2. Strictly manage account privileges.
3. Change the password regularly.

Software Versions and Fixes

Solutions: Abandon the DES algorithm and adopt the AES256 algorithm.

Version upgrade information and upgrade date:

Affected product    Solved version    Solved time
NE5000E V800R003C00 09.19.2012
ATN V200R001C02 08.20.2012
NE40E&NE80E CX600 ME60 V600R003C00SPCA00 V600R005C00 V600R003C00SPCA00 09.15.2012 09.15.2012 V600R005C00 V600R005C00 09.15.2012
AR 19/29/49 R 2209 and later version 03.09.2012
ACU V200R002 08.31.2012
WLAN AC 6605 V200R002 08.31.2012
S3300HI/S5300/S6300/S3700HI/S5700/S6700 V200R001C00 08.31.2012
S9300/S9300E/S7700/S9700 V200R001C00 08.31.2012
S2300/S3300/S2700/S3700 V100R006C03 08.31.2012
Release version: 08.31.2012 AR G3 V200R002C01SPC200 Cold patch: V200R002SPC002
AR x8 series; AR x9 series H3C AR(OEM IN) R2209 and the later version 03.30.2012
Eudemon100E Eudemon200 Eudemon300&500&1000 Eudemon1000E-U/USG5300 Eudemon1000E-X/USG5500 Eudemon8080E&8160E/USG9300 Eudemon8000E-X/USG9500 E200E-X 08.31.2012 V300R001C00SPC600 Eudemon 08.31.2012 1000E-X/USG5500 V300R001C00SPC600 Eudemon8000E V200R001C00SPC800/ 07.30.2012 V200R001C01SPC500
USG2200&5100 V300R001C00SPC600 08.31.2012
USG2100 V300R001C00SPC100 08.31.2012
SVN5300 SVN5500(product replacement) 02.28.2012
SVN2000&5000 series V200R001C01SPC200 06.20.2012
SVN3000 SVN2260 V200R001C01SPC200 06.20.2012
NIP100/200/1000 NIP5100/NIP2200/NIP2100 V100R001C01(product replacement) 07.30.2012
NIP2100&2200&5100 V100R001C01SPC200 07.30.2012

FAQs

Null

Obtaining Fixed Software

http://support.huawei.com/support/

After logging in to the Huawei support website, search for the corresponding version according to the product models in use and the versions listed in this advisory, then download it.

Contact Channel for Technique Issue

NSIRT@huawei.com
PSIRT@huawei.com

For general problems about Huawei products and solutions, please contact Huawei TAC (Huawei Technical Assistance Center) directly to request configuration or technical assistance.

Revision History

2012-8-27 V1.0 INITIAL
2012-10-08 V1.1 Update
2012-11-07 V1.2 Update
2012-12-12 V1.3 Update

Exploitation and Vulnerability Source

This vulnerability was reported by Emaze Networks. The Huawei PSIRT is not aware of any malicious use of the vulnerability described in this advisory to launch attacks.

Declaration

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei Investment & Holding Co., Ltd. or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.

The information and data embodied in this document and any attachment are strictly confidential information of Huawei and are supplied on the understanding that they will be held confidentially and not disclosed to third parties without the prior written consent of Huawei. You shall use all reasonable efforts to protect the confidentiality of information. In particular, you shall not directly or indirectly disclose, allow access to, transmit or transfer the information to a third party without our prior written consent. Thank you for your co-operation.

Huawei Security Procedures

Contact us through PSIRT@huawei.com if you need to:
1. Provide feedback on security vulnerability of Huawei products.
2. Get support for Huawei security emergency response services.
3. Obtain Huawei security vulnerability information.