Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

alpine 3.9
crypto weakness #9

4

Weakness Breakdown


Definition:

This weakness involves creating non-standard or non-tested algorithms, using weak algorithms or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are commonly later found to be unsafe, as the algorithms were broken.

Warning code(s):

The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.

File Name:

monit/src/monit-5.25.2/src/util.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.9 crypto weakness.

                         if (! (temp = strchr(id + 1, '$ '))) {
                                LogError("Password not in MD5 format.\n");
                                return false;
                        }
                        temp += 1;
                        *temp = '\0';
                        salt[sizeof(salt) - 1] = 0;
                        strncpy(salt, c->passwd + strlen(id), sizeof(salt) - 1);
                        if (! (temp = strchr(salt, '$ '))) {
                                LogError("Password not in MD5 format.\n");
                                return false;
                        }
                        *temp = '\0';
                        if (md5_crypt(outside, id, salt, outside_crypt, sizeof(outside_crypt)) == NULL) {
                                LogError("Cannot generate MD5 digest error.\n");
                                return false;
                        }
                        break;
                }
                case Digest_Crypt:
                {
                        char salt[3];
                        char *temp;
                        snprintf(salt, 3, "%c%c", c->passwd[0], c->passwd[1]);
                        temp = crypt(outside, salt);
                        outside_crypt[sizeof(outside_crypt) - 1] = 0;
                        strncpy(outside_crypt, temp, sizeof(outside_crypt) - 1);
                        break;
                }
#ifdef HAVE_LIBPAM
                case Digest_Pam:
                        return PAMcheckPasswd(uname, outside);
                        break;
#endif
                default:
                        LogError("Unknown password digestion method.\n");
                        return false;
        }
        if (Str_compareConstantTime(outside_crypt, c->passwd) == 0)
                return true;
        return false;
}


static void _resetIOStatistics(IOStatistics_T S) {
        Statistics_reset(&(S->operations));
        Statistics_reset(&(S->bytes));
}

 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.