centos 6
crypto weakness #345

4

Weakness Breakdown


Definition:

This weakness involves creating non-standard or non-tested algorithms, using weak algorithms or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are commonly later found to be unsafe, as the algorithms were broken.

Warning code(s):

The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.

File Name:

qemu-0.15.0/roms/ipxe/src/include/ipxe/sec80211.h

Context:

The highlighted line of code below is the trigger point of this particular Centos 6 crypto weakness.

  * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

#ifndef _IPXE_SEC80211_H
#define _IPXE_SEC80211_H

FILE_LICENCE ( GPL2_OR_LATER );

#include <ipxe/net80211.h>
#include <errno.h>

/** @file
 *
 * Definitions for general secured-network routines.
 */

int sec80211_detect ( struct io_buffer *iob,
		      enum net80211_security_proto *secprot,
		      enum net80211_crypto_alg *crypt );

int sec80211_detect_ie ( int is_rsn, u8 *start, u8 *end,
			 enum net80211_security_proto *secprot,
			 enum net80211_crypto_alg *crypt );
u8 * sec80211_find_rsn ( union ieee80211_ie *ie, void *ie_end,
			 int *is_rsn, u8 **end );

int sec80211_install ( struct net80211_crypto **which,
		       enum net80211_crypto_alg crypt,
		       const void *key, int len, const void *rsc );

u32 sec80211_rsn_get_crypto_desc ( enum net80211_crypto_alg crypt, int rsnie );
u32 sec80211_rsn_get_akm_desc ( enum net80211_security_proto secprot,
				int rsnie );
enum net80211_crypto_alg sec80211_rsn_get_net80211_crypt ( u32 desc );

#endif /* _IPXE_SEC80211_H */
 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.