Security Notice-Statement About Impact of the Dual_EC_DRBG Vulnerability on Huawei Devices
- Initial Release Date: 2014-06-27
- Last Release Date: 2014-06-27
Huawei has been aware of the discussion on the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) in the industry. If a backdoor is inserted into the Dual_EC_DRBG algorithm, attackers can obtain the encryption key of the algorithm and compromise the information protected by this encryption key.
Huawei has started an investigation and finds out that the Dual_EC_DRBG algorithm is used in third-party software in Huawei ManageOne solution that is deployed in certain scenarios. Huawei is communicating with the third-party software vendor to confirm the scenarios in which the Dual_EC_DRBG algorithm is used. Customers of the ManageOne solution can contact Huawei TAC for more details.
The third-party software that uses the Dual_EC_DRBG algorithm includes VAIM, Spectrum, SPIM, and NFA of the CA company as the software contains the Bsafe component.
Huawei confirms that none of other products uses the Dual_EC_DRBG algorithm and therefore, other products are not affected.
2014-06-27 V1.0 INITIAL
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism. Please report to Huawei PSIRT at psirt@huawei.com if you find any security vulnerability of Huawei products.
