alpine 3.8
crypto weakness #596


Weakness Breakdown


Definition:

This weakness covers creating non-standard or untested algorithms, using weak algorithms, or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are often later found to be unsafe once they have been broken.

Warning code(s):

The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.

File Name:

fcron/src/fcron-3.2.0/socket.c

Context:

The highlighted line of code below — the call to crypt() — is the trigger point of this particular Alpine 3.8 crypto weakness. The algorithm crypt() actually applies is selected by the format of the stored hash (pass_sys) passed as its salt, so the finding should be confirmed against how the system stores its password hashes rather than taken from the API name alone.

         send(client->fcl_sock_fd, "0", sizeof("0"), 0);
        return;
    }
    pass_sys = pass->pw_passwd;
#endif

    /* */
    debug("auth_client_password() : socket : %d", client->fcl_sock_fd);
    /* */

    /* we need to limit auth failures : otherwise fcron may be used to "read"
     * shadow password !!! (or to crack it using a test-all-possible-password attack) */
    if (auth_fail > 0 && auth_nofail_since + AUTH_WAIT <= now)
        /* no auth time exceeded : set counter to 0 */
        auth_fail = 0;
    if (auth_fail >= MAX_AUTH_FAIL) {
        error("Too many authentication failures : try to connect later.");
        send(client->fcl_sock_fd, "0", sizeof("0"), 0);
        auth_fail = auth_nofail_since = 0;
        return;
    }

    /* the password is stored after the user name */
    pass_str = &((char *)client->fcl_cmd)[strlen((char *)client->fcl_cmd) + 1];
    if ((pass_cry = crypt(pass_str, pass_sys)) == NULL) {
        error_e("could not crypt()");
        send(client->fcl_sock_fd, "0", sizeof("0"), 0);
        Overwrite(pass_str);
        return;
    }

/*      debug("pass_sp->sp_pwdp : %s", pass_sp->sp_pwdp); */
/*      debug("pass_cry : %s", pass_cry); */
    if (strcmp(pass_cry, pass_sys) == 0) {
        client->fcl_user = strdup2((char *)client->fcl_cmd);
        send(client->fcl_sock_fd, "1", sizeof("1"), 0);
    }
    else {
        auth_fail++;
        auth_nofail_since = now;
        error("Invalid passwd for %s from socket %d",
              (char *)client->fcl_cmd, client->fcl_sock_fd);
        send(client->fcl_sock_fd, "0", sizeof("0"), 0);
    }

    Overwrite(pass_str);
}


#define Test_add_field(FIELD_NB, FIELD_STR) \ 
