alpine 3.9
crypto weakness #6

4

Weakness Breakdown


Definition:

This weakness involves creating non-standard or non-tested algorithms, using weak algorithms or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are commonly later found to be unsafe, as the algorithms were broken.

Warning code(s):

The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.

File Name:

lighttpd/src/lighttpd-1.4.52/src/mod_authn_mysql.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.9 crypto weakness.

     if (userpwlen >= 3 && userpw[0] == '$ ' && userpw[2] == '$ ') {
        /* md5 crypt()
         * request by Nicola Tiling <nti@w4w.net> */
        const char *saltb = userpw+3;
        const char *salte = strchr(saltb, '$ ');
        char salt[32];
        size_t slen = (NULL != salte) ? (size_t)(salte - saltb) : sizeof(salt);

        if (slen < sizeof(salt)) {
            char *crypted;
          #if defined(HAVE_CRYPT_R)
            struct crypt_data crypt_tmp_data;
           #ifdef _AIX
            memset(&crypt_tmp_data, 0, sizeof(crypt_tmp_data));
           #else
            crypt_tmp_data.initialized = 0;
           #endif
          #endif
            memcpy(salt, saltb, slen);
            salt[slen] = '\0';

          #if defined(HAVE_CRYPT_R)
            crypted = crypt_r(reqpw, salt, &crypt_tmp_data);
          #else
            crypted = crypt(reqpw, salt);
          #endif
            if (NULL != crypted) {
                return strcmp(userpw, crypted);
            }
        }
    }
    else
  #endif
    if (32 == userpwlen) {
        /* plain md5 */
        li_MD5_CTX Md5Ctx;
        unsigned char HA1[16];
        unsigned char md5pw[16];

        li_MD5_Init(&Md5Ctx);
        li_MD5_Update(&Md5Ctx, (unsigned char *)reqpw, strlen(reqpw));
        li_MD5_Final(HA1, &Md5Ctx);

        /*(compare 16-byte MD5 binary instead of converting to hex strings
         * in order to then have to do case-insensitive hex str comparison)*/
        return (0 == http_auth_md5_hex2bin(userpw, 32 /*(userpwlen)*/, md5pw))
          ? memcmp(HA1, md5pw, sizeof(md5pw))
          : -1;
    }
 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.