Security Advisory-Risk of Password Being Cracked Due to DES

advertisement
News Start
Security Advisory-Risk of Password Being Cracked Due to
DES Encryption Algorithm
SA No: Huawei-SA-20120827-01-CX600
Release Date: 12nd December, 2012
summary
In multiple Huawei products, DES encryption algorithm is used for password and the
encryption is not strong enough so it may be cracked (HWNSIRT-2012-0820).
This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID:
CVE-2012-4960.
Temporary fix for this vulnerability is available. Huawei has made the version plan to
resolve this vulnerability.
Affected Products
1、Involved versions:
Affected product
Affected version
V300R007
NE5000E
V800R002
MA5200G
V200R003
V300R003
V300R003
NE40E/80E
V600R001 V600R002 V600R003(excluding
V600R003C00SPCA00)
ATN
V200R001C00, V200R001C01
NE40/NE80
V300R005
NE20E-X6
V600R003
NE20
V200R005
ME60
V100R005 V100R006 V600R002 V600R003
V600R005C00SPC600
CX600
CX200/CX300
V200R002 V600R001 V600R002 V600R003 (excluding
V600R003C00SPCA00)
V100R005
V100R003C01SPC100
ACU
V200R001C00SPC100
V200R001C00
WLAN AC 6605
S9300
V200R001C00
V200R001C00SPC100
V100R001 V100R002 V100R003 V100R006
S7700
V100R003 V100R006
S2300/S3300/S5300
V100R002 V100R003
S2300/S3300/S5300
/S2700/S3700/S570
V100R005
0
S2300/S3300/
S5300/S3300HI/
S5300HI/S5306/
V100R006
S6300/S2700/S3
700/S5700/S6700
S3300HI/S5300HI
/S5306/S6300/S3
V200R001
700/S5700/S6700
V200R001C00
AR G3
V200R001C01
V200R002C00SPC200
H3C AR(OEM IN)
AR x9 series R2209 and earlier versions
AR 19/29/49
R2207 and earlier versions
Eudemon100E
V200R007
Eudemon200
V200R001
Eudemon300&500&
1000
Eudemon1000E-U/U
SG5300
Eudemon1000E-X/U
SG5500
Eudemon8080E&81
60E/USG9300
Eudemon8000E-X/U
SG9500
E200E-C&X3&X5&X7
/USG2200&5100
E200E-B&X1&X2/US
G2100
SVN5300
SVN2000&5000
series
V200R006C02 and earlier versions
V200R001 and earlier versions
V200R002 and earlier versions
V100R003C00 and earlier versions
V200R001C00SPC600 and earlier versions
V200R003C00 and earlier versions
V100R005C01 and earlier versions
V100R001C01B019
V200R001C00
SVN3000
V100R002C02SPC802B041
NIP100/200/1000
V100R001
NIP2100&2200&510
0
V100R001C00
Impact
1.If attackers acquire the encryption file, they may crack the DES encryption algorithm
to get the password.
Vulnerability Scoring Details
The vulnerability classification has been performed by using the CVSSv2 scoring
system (http://www.first.org/cvss/).
Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Temporal Score: 5.6(E:F/RL:T/RC:C)
Technique Details
Prerequisite:
The attacker can log in to the device, and has privilege to get configuration with
encrypted passwords.
Procedures:
The attacker acquires the user password stored by encryption and crack DES
encryption algorithm to get the password in clear text.
Impact:
The attacker acquires the password.
Temporary Fix
1. Enhance the remote login management to the equipment and only allow login within
the operator’s management network.
2. Strictly manage the accounts privilege.
3. Change the password regularly.
Software Versions and Fixes
Solutions:
Abandon DES algorithm and adopt AES256 algorithm.
Version upgrade information and upgrade date:
Affected product
Solved version
Solved time
NE5000E
V800R003C00
09.19.2012
ATN
V200R001C02
08.20.2012
NE40E&NE80E
CX600
ME60
V600R003C00SPCA00
V600R005C00
V600R003C00SPCA00
09.15.2012
09.15.2012
V600R005C00
V600R005C00
09.15.2012
AR 19/29/49
R 2209 and later version
03.09.2012
ACU
V200R002
08.31.2012
WLAN AC 6605
V200R002
08.31.2012
S3300HI/S5300/S6300/S3700HI/
S5700/S6700
V200R001C00
08.31.2012
S9300/S9300E/S7700/S9700
V200R001C00
08.31.2012
S2300/S3300/S2700/S3700
V100R006C03
08.31.2012
Release version:
08.31.2012
AR G3
V200R002C01SPC200
Cold patch:
V200R002SPC002
AR x8 series; AR x9 series
H3C AR(OEM IN)
R2209 and the later
03.30.2012
version
Eudemon100E
Eudemon200
Eudemon300&500&1000
Eudemon1000E-U/USG5300
Eudemon1000E-X/USG5500
Eudemon8080E&8160E/USG9300
Eudemon8000E-X/USG9500
E200E-X
08.31.2012
V300R001C00SPC600
Eudemon
08.31.2012
1000E-X/USG5500
V300R001C00SPC600
Eudemon8000E
V200R001C00SPC800/
07.30.2012
V200R001C01SPC500
USG2200&5100
V300R001C00SPC600
08.31.2012
USG2100
V300R001C00SPC100
08.31.2012
SVN5300
SVN5500(product
replacement)
02.28.2012
SVN2000&5000 series
V200R001C01SPC200
06.20.2012
SVN3000
SVN2260
06.20.2012
V200R001C01SPC200
NIP5100/NIP2200/NIP210
NIP100/200/1000
0 V100R001C01(product
07.30.2012
replacement)
NIP2100&2200&5100
V100R001C01SPC200
07.30.2012
FAQs
Null
Obtaining Fixed Software
http://support.huawei.com/support/
Please search the corresponding version according to the product models used and the
versions listed in this advisory for downloading after you have logged in to the support
Web site of Huawei.
Contact Channel for Technique Issue
NSIRT@huawei.com
PSIRT@huawei.com
For general problems about Huawei products and solutions, please directly contact
Huawei TAC (Huawei Technical Assistance Center) to request the configuration or
technical assistance.
Revision History
2012-8-27 V1.0 INITIAL
2012-10-08 V1.1 Update
2012-11-07 V1.2 Update
2012-12-12 V1.3 Update
Exploitation and Vulnerability Source
This vulnerability is reported by Emaze Networks. The Huawei PSIRT is not aware of
any malicious use launch to attack through the vulnerability described in this advisory.
Declaration
This document is provided on an "AS IS" basis and does not imply any kind of
guarantee or warranty, either express or implied, including the warranties of
merchantability or fitness for a particular purpose. In no event shall Huawei
Investment & Holding Co., Ltd. or any of its directly or indirectly controlled subsidiaries
or its suppliers be liable for any damages whatsoever including direct, indirect,
incidental, consequential, loss of business profits or special damages. Your use of the
document, by whatsoever means, will be totally at your own risk. Huawei is entitled to
amend or update this document from time to time.
The information and data embodied in this document and any attachment are strictly
confidential information of Huawei and are supplied on the understanding that they
will be held confidentially and not disclosed to third parties without the prior written
consent of Huawei. You shall use all reasonable efforts to protect the confidentiality
of information. In particular, you shall not directly or indirectly disclose, allow access
to, transmit or transfer the information to a third party without our prior written
consent. Thank for your co-operation.
Huawei Security Procedures
Contact us through PSIRT@huawei.com if you need to:
1.
Provide feedback on security vulnerability of Huawei products.
2.
Get support for Huawei security emergency response services.
3.
Obtain Huawei security vulnerability information.
News End
Download