centos 6
crypto weakness #307

4

Weakness Breakdown


Definition:

This weakness involves creating non-standard or non-tested algorithms, using weak algorithms or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are commonly later found to be unsafe, as the algorithms were broken.

Warning code(s):

The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.

File Name:

sudo-1.8.6p3/plugins/sudoers/auth/secureware.c

Context:

The highlighted line of code below is the trigger point of this particular Centos 6 crypto weakness.

 #endif
    sudo_setspent();
    auth->data = sudo_getepw(pw);
    sudo_endspent();
    debug_return_int(AUTH_SUCCESS);
}

int
sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth)
{
    char *pw_epasswd = auth->data;
    debug_decl(sudo_secureware_verify, SUDO_DEBUG_AUTH)
#ifdef __alpha
    {
	extern int crypt_type;

#  ifdef HAVE_DISPCRYPT
	if (strcmp(pw_epasswd, dispcrypt(pass, pw_epasswd, crypt_type)) == 0)
	    debug_return_int(AUTH_SUCCESS);
#  else
	if (crypt_type == AUTH_CRYPT_BIGCRYPT) {
	    if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0)
		debug_return_int(AUTH_SUCCESS);
	} else if (crypt_type == AUTH_CRYPT_CRYPT16) {
	    if (strcmp(pw_epasswd, crypt(pass, pw_epasswd)) == 0)
		debug_return_int(AUTH_SUCCESS);
	}
    }
#  endif /* HAVE_DISPCRYPT */
#elif defined(HAVE_BIGCRYPT)
    if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0)
	debug_return_int(AUTH_SUCCESS);
#endif /* __alpha */

	debug_return_int(AUTH_FAILURE);
}

int
sudo_secureware_cleanup(pw, auth)
    struct passwd *pw;
    sudo_auth *auth;
{
    char *pw_epasswd = auth->data;
    debug_decl(sudo_secureware_cleanup, SUDO_DEBUG_AUTH)

    if (pw_epasswd != NULL) {
	zero_bytes(pw_epasswd, strlen(pw_epasswd));
	efree(pw_epasswd);
    }
    debug_return_int(AUTH_SUCCESS); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.