PT-2019-4374 · Huawei · Hisuite+1
Published
2019-08-21
·
Updated
2020-08-24
·
CVE-2019-5263
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
HiSuite versions 9.1.0.305 and earlier
HiSuite (MAC) versions 9.1.0.305 and earlier
HwBackup versions prior to 9.1.1.308
Description
The issue is related to a brute forcing vulnerability in encrypted backup data. This allows an attacker to obtain Huawei smartphone user backup information by brute forcing the password for encrypting the backup. The vulnerability is associated with a lack of protection for service data, which can be exploited to gain unauthorized access to a user's mobile phone backup information using a brute force attack.
Recommendations
For HiSuite versions 9.1.0.305 and earlier, update to a version later than 9.1.0.305.
For HiSuite (MAC) versions 9.1.0.305 and earlier, update to a version later than 9.1.0.305.
For HwBackup versions prior to 9.1.1.308, update to version 9.1.1.308 or later.
Fix
Improper Restriction of Excessive Authentication Attempts
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hisuite
Hwbackup