{"vuid":"VU#948096","idnumber":"948096","name":"Huawei networking equipment weak password cipher","keywords":["Huawei","des","cipher"],"overview":"Huawei networking equipment use a DES encryption algorithm for password and encryption. DES is publicly known to be easily cracked.","clean_desc":"Huawei Security Advisory Huawei-SA-20120827-01-CX600 states: In multiple Huawei products, DES encryption algorithm is used for password and the encryption is not strong enough so it may be cracked (HWNSIRT-2012-0820). This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2012-4960. Temporary fix for this vulnerability is available. Huawei has made the version plan to resolve this vulnerability.","impact":"An attacker with access to the Huawei networking equipment encryption file may be able to crack the DES encryption algorithm to recover the system password.","resolution":"Apply Update Users are advised to read Huawei Security Advisory Huawei-SA-20120827-01-CX600 for fix information and apply updates as recommened.","workarounds":"Huawei Security Advisory Huawei-SA-20120827-01-CX600 states the following temporary fixes: 1. Enhance the remote login management to the equipment and only allow login within the operator’s management network. 2. Strictly manage the accounts privilege. 3. Change the password regularly.","sysaffected":"","thanks":"Thanks to Kurt Grutzmacher for reporting this vulnerability.","author":"This document was written by Michael Orlando.","public":["h","t","t","p",":","/","/","w","w","w",".","h","u","a","w","e","i",".","c","o","m","/","e","n","/","s","e","c","u","r","i","t","y","/","p","s","i","r","t","/","s","e","c","u","r","i","t","y","-","b","u","l","l","e","t","i","n","s","/","s","e","c","u","r","i","t","y","-","a","d","v","i","s","o","r","i","e","s","/","h","w","-","u","_","1","9","4","3","7","3",".","h","t","m"],"cveids":["CVE-2012-4960"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-11-16T13:44:07Z","publicdate":"2012-12-17T00:00:00Z","datefirstpublished":"2013-08-05T16:52:36Z","dateupdated":"2013-10-03T11:31:06Z","revision":14,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"LM","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6.5","cvss_basevector":"AV:N/AC:L/Au:S/C:P/I:P/A:P","cvss_temporalscore":"5.4","cvss_environmentalscore":"5.1","cvss_environmentalvector":"CDP:LM/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}