This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy (update in May 2018) >

Security Advisory - Bar Mitzvah Attack Vulnerability in Huawei Products

  • SA No:Huawei-SA-20150919-01-RC4
  • Initial Release Date: Sep 19, 2015
  • Last Release Date: May 05, 2016

A security vulnerability exists in Rivest Cipher 4 (RC4) used by TLS and SSL protocols. RC4 cannot provide sufficient data protection. After listening to an SSL or TLS connection, an attacker can obtain plaintext data by brute force cracking. This vulnerability is also called Bar Mitzvah. (Vulnerability ID: HWPSIRT-2015-03025)

This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-2808.

Product Name

Affected Version

Resolved Product and Version

E6000 Chassis

V100R001C00

V100R001C00SPC300

E9000 Chassis

V100R001C00

V100R001C00SPC230

OceanStor 18500

V100R001C00

V100R001C20SPC200

V100R001C10

OceanStor 18800

V100R001C00

V100R001C20SPC200

V100R001C10

V100R001C20

V100R001C30

OceanStor 18800F

V100R001C00

V100R001C20SPC200

V100R001C10

V100R001C20

V100R001C30

OceanStor 9000

V100R001C01

V100R001C01SPC210

OceanStor CSE

V100R002C00LSFM01

V100R003C00

OceanStor HVS85T

V100R001C00

OceanStor 18500 V100R001C20SPC200

V100R001C30

OceanStor ReplicationDirector

V100R003C00

V100R003C00SPC400

OceanStor S2600T

V200R002C00

V200R002C20SPC200

V200R002C10

V200R002C20

V200R002C30

OceanStor S5500T

V200R002C00

V200R002C20SPC200

V200R002C10

OceanStor S5600T

V200R002C00

V200R002C20SPC200

V200R002C10

OceanStor S5800T

V200R001C00SPC800

V200R002C20SPC200

V200R002C00

V200R002C10

OceanStor S6800T

V200R002C00

V200R002C20SPC200

V200R002C10

OceanStor VIS6600T

V200R003C10

V200R003C10SPC400

Policy Center

V100R003C00

V100R003C10SPC015

V100R003C10

Quidway S9300

V100R006C00B010

V200R007SPH003

S7700/ 9700/ S12700

V200R006 and earlier versions

V200R007C00SPC500+V200R007SPH003

V200R007C00SPC500

V200R007SPH003

S2700/ S3700

V100R006C05

V100R006SPH023

S5700EI/ S5700HI/ S5700SI/ S5710EI/ S5710HI/ S6700

V200R005 and earlier versions

V200R005C00SPC500

S2750/ S5700LI/ S5700S-LI/ S5720HI

V200R006C00SPC300

V200R006SPH006

S2750/ S5700LI/ S5700S-LI/ S5720HI/ S5720EI

V200R007C00SPC500

V200R007SPH003

SMC2.0

V100R002C01

V100R003C10SPC100

V100R002C02

V100R002C03

V100R002C04

TE60

V100R001C10

V100R001C10SPC300

UltraVR

V100R003C00

V100R003C00SPC200


This security vulnerability allows an attacker to launch plaintext-recovery attacks in specific conditions, which may expose sensitive information.

The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).

Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Temporal Score: 3.6 (E:F/RL:O/RC:C)

1. Prerequisite:

An attacker can sniff and listen to an SSL or TLS connection.

2. Attacking procedure:

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, aka the "Bar Mitzvah" issue.
Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/security/psirt/report-vulnerabilities/index.htm.


This vulnerability was reported by researcher Itsik Mantin from security company Imperva. Huawei PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.

For security problems about Huawei products and solutions, please contactPSIRT@huawei.com.

For general problems about Huawei products and solutions, please directly contact Huawei TAC (Huawei Technical Assistance Center) to request the configuration or technical assistance.


2016-05-05 V1.1 UPDATE Update the affected product list and fixed version

2015-09-19 V1.0 INITIAL

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.


Complete information for providing feedback on security vulnerability of Huawei products, getting support for Huawei security incident response services, and obtaining Huawei security vulnerability information, is available on Huawei's worldwide website at http://www.huawei.com/en/security/psirt/.