Huawei devices support a weak password encryption algorithm. With this scheme, passwords are obfuscated and encrypted with DES, using an encryption key shared among all the affected devices. This encryption scheme does not use any password salting mechanism. As a consequence, passwords extracted from a victim’s device can be deciphered instantaneously. A Python procedure that decodes a given password is included below. Upon termination, procedure decrypt_password() returns the clear-text password.
via SecurityFocus.
HT: @jedisct1 @peterhoneyman
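The two properties the advisory names, one key shared by every device and no salt, can be seen side by side with salted one-way storage in the added example below. It is not the advisory's decrypt_password() procedure and not Huawei's algorithm: the key, the function names and the sample password are constructed, and a toy keystream cipher stands in for DES, which the Python standard library does not provide.

```python
import hashlib, hmac, os

# Constructed demo key; stands in for the single key shared by all devices.
SHARED_KEY = b"demo-key-same-on-every-device"

def _keystream(n):
    # Toy keystream from the shared key (stand-in for DES, which the
    # Python standard library does not provide).
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(SHARED_KEY + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def weak_store(password):
    """Reversible, unsalted storage: deterministic for a given password."""
    data = password.encode()
    return bytes(a ^ b for a, b in zip(data, _keystream(len(data)))).hex()

def weak_recover(stored):
    """Anyone who knows the shared key recovers the clear text at once."""
    data = bytes.fromhex(stored)
    return bytes(a ^ b for a, b in zip(data, _keystream(len(data)))).decode()

def strong_store(password, iterations=200_000):
    """Salted one-way storage: a fresh random salt per stored password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"

def strong_verify(password, stored):
    """Check a candidate password; the record cannot be decrypted."""
    iterations, salt, digest = stored.split("$")
    check = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                bytes.fromhex(salt), int(iterations))
    return hmac.compare_digest(check.hex(), digest)

if __name__ == "__main__":
    pw = "Example-Passw0rd"  # constructed sample value
    print("weak, device A  :", weak_store(pw))
    print("weak, device B  :", weak_store(pw))    # identical: no salt
    print("recovered       :", weak_recover(weak_store(pw)))
    print("strong, device A:", strong_store(pw))
    print("strong, device B:", strong_store(pw))  # differs: per-record salt
```

With the weak scheme, the same stored value on two devices reveals that they share a password, and the shared key turns every stored value back into clear text; the salted records differ on each device and can only be checked against a candidate password.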