alpine 3.8
crypto weakness #595

4

Weakness Breakdown


Definition:

This weakness involves creating non-standard or untested algorithms, using weak algorithms, or applying cryptographic algorithms incorrectly. Algorithms once considered safe are commonly found to be unsafe later, after they have been broken.

Warning code(s):

The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.

File Name:

ldapvi/src/ldapvi-1.7/parse.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.8 crypto weakness.

 		case '\n':
			if ( (c = fgetc(s)) == ' ') /* folded line */ break;
			ungetc(c, s);
			if (ferror(s)) syserr();
			return 0;
		}
}

static char *saltbag
	= "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890./";

static char *
cryptdes(char *key)
{
	unsigned char salt[2];
	int fd = open("/dev/random", 2);
	if (fd == -1) {
		puts("Sorry, crypt not available: Cannot open /dev/random.");
		return 0;
	}
	if (read(fd, salt, 2) != 2) syserr();
	close(fd);
	salt[0] = saltbag[salt[0] & 63];
	salt[1] = saltbag[salt[1] & 63];
	return crypt(key, (char *) salt);
}

static char *
cryptmd5(char *key)
{
	char *result;
	unsigned char salt[11];
	int i;
	int fd = open("/dev/random", 2);
	if (fd == -1) {
		puts("Sorry, MD5 not available: Cannot open /dev/random.");
		return 0;
	}
	salt[0] = '$';
	salt[1] = '1';
	salt[2] = '$';
	if (read(fd, salt + 3, 8) != 8) syserr();
	close(fd);
	for (i = 3; i < 11; i++)
		salt[i] = saltbag[salt[i] & 63];
	result = crypt(key, (char *) salt);
	if (!result || strlen(result) < 25) {
		puts("Sorry, MD5 not available: Are you using the glibc?");
		return 0;
	} 
