centos 6
crypto weakness #320

4

Weakness Breakdown


Definition:

This weakness involves creating non-standard or non-tested algorithms, using weak algorithms or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are commonly later found to be unsafe, as the algorithms were broken.

Warning code(s):

The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.

File Name:

ppp-2.4.5/pppd/session.c

Context:

The highlighted line of code below is the trigger point of this particular Centos 6 crypto weakness.

 	 * We check validity all the time, because if the password has expired,
	 * then clearly we should not authenticate against it (if we're being
	 * called for authentication only).  Thus, in this particular instance,
	 * there is no real difference between using the AUTH, SESS or ACCT
	 * flags, or combinations thereof.
	 */
	now = time(NULL) / 86400L;
	if ((spwd->sp_expire > 0 && now >= spwd->sp_expire)
	    || ((spwd->sp_max >= 0 && spwd->sp_max < 10000)
	    && spwd->sp_lstchg >= 0
	    && now >= spwd->sp_lstchg + spwd->sp_max)) {
	    warn("Password for %s has expired", user);
	    return SESSION_FAILED;
	}

	/* We have a valid shadow entry, keep the password */
	pw->pw_passwd = spwd->sp_pwdp;

#endif /* #ifdef HAS_SHADOW */

	/*
	 * If no passwd, don't let them login if we're authenticating.
	 */
        if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2
            || strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd) != 0)
            return SESSION_FAILED;
    }

#endif /* #ifdef USE_PAM */

    /*
     * Write a wtmp entry for this user.
     */

    if (SESS_ACCT & flags) {
	if (strncmp(ttyName, "/dev/", 5) == 0)
	    ttyName += 5;
	logwtmp(ttyName, user, ifname); /* Add wtmp login entry */
	logged_in = 1;

#if defined(_PATH_LASTLOG) && !defined(USE_PAM)
	/*
	 * Enter the user in lastlog only if he has been authenticated using
	 * local system services.  If he has not, then we don't know what his
	 * UID might be, and lastlog is indexed by UID.
	 */
	if (pw != NULL) {
            struct lastlog ll;
            int fd;
	    time_t tnow; 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.