This weakness involves creating non-standard or non-tested algorithms, using weak algorithms, or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are commonly found to be unsafe later, once they have been broken.
The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.
The highlighted line of code below is the trigger point of this particular CentOS 6 crypto weakness.
     * You should have received a copy of the GNU General Public License
     * along with this program; if not, write to the Free Software
     * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
     */

    #ifndef _IPXE_SEC80211_H
    #define _IPXE_SEC80211_H

    FILE_LICENCE ( GPL2_OR_LATER );

    #include <ipxe/net80211.h>
    #include <errno.h>

    /** @file
     *
     * Definitions for general secured-network routines.
     */

    int sec80211_detect ( struct io_buffer *iob,
                          enum net80211_security_proto *secprot,
                          enum net80211_crypto_alg *crypt );
    int sec80211_detect_ie ( int is_rsn, u8 *start, u8 *end,
                             enum net80211_security_proto *secprot,
                             enum net80211_crypto_alg *crypt );
    u8 * sec80211_find_rsn ( union ieee80211_ie *ie, void *ie_end,
                             int *is_rsn, u8 **end );

    int sec80211_install ( struct net80211_crypto **which,
                           enum net80211_crypto_alg crypt,
                           const void *key, int len, const void *rsc );

    u32 sec80211_rsn_get_crypto_desc ( enum net80211_crypto_alg crypt, int rsnie );
    u32 sec80211_rsn_get_akm_desc ( enum net80211_security_proto secprot,
                                    int rsnie );
    enum net80211_crypto_alg sec80211_rsn_get_net80211_crypt ( u32 desc );

    #endif /* _IPXE_SEC80211_H */
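As an added example (not from the original page or from the iPXE project), the following audit helper scans shadow-format entries and counts accounts whose stored hash still has the traditional crypt format with the two-character salt described above. The function names, the 13-character format check and the sample entries are assumptions of this example; the hash strings are constructed and only imitate each format.

```c
#include <stdio.h>
#include <string.h>

enum scheme { H_LOCKED, H_DES, H_MD5, H_SHA256, H_SHA512, H_OTHER };

/* Alphabet crypt(3) uses for salts and encoded hashes. */
static const char B64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Classify one hash field (len bytes, not NUL-terminated) by its format. */
enum scheme classify_hash(const char *h, size_t len)
{
    if (len == 0 || h[0] == '!' || h[0] == '*')
        return H_LOCKED;                 /* no usable password hash */
    if (h[0] == '$') {                   /* modular format: $id$salt$hash */
        if (len >= 3 && !strncmp(h, "$1$", 3)) return H_MD5;
        if (len >= 3 && !strncmp(h, "$5$", 3)) return H_SHA256;
        if (len >= 3 && !strncmp(h, "$6$", 3)) return H_SHA512;
        return H_OTHER;
    }
    /* Traditional crypt: exactly 13 characters, the first two are the salt. */
    if (len == 13 && strspn(h, B64) >= len)
        return H_DES;
    return H_OTHER;
}

/* Count entries in shadow-format text that still use traditional crypt. */
int count_des_accounts(const char *text)
{
    int weak = 0;
    for (const char *line = text; *line; ) {
        size_t linelen = strcspn(line, "\n");
        const char *colon = memchr(line, ':', linelen);
        if (colon && classify_hash(colon + 1, strcspn(colon + 1, ":\n")) == H_DES)
            weak++;
        line += linelen + (line[linelen] == '\n');
    }
    return weak;
}

/* Constructed sample entries; the hash strings only imitate each format. */
static const char SAMPLE[] =
    "alice:abCDEFGHIJKLM:15000:0:99999:7:::\n"
    "bob:$6$constructed$notARealHash:15000:0:99999:7:::\n"
    "daemon:*:15000:0:99999:7:::\n"
    "erin:xy0123456789.:15000:0:99999:7:::\n";
int main(void)
{
    printf("%d account(s) still use traditional crypt\n", count_des_accounts(SAMPLE));
    return 0;
}
```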