centos 6
crypto weakness #354

4

Weakness Breakdown


Definition:

This weakness involves creating non-standard or non-tested algorithms, using weak algorithms or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are commonly later found to be unsafe, as the algorithms were broken.

Warning code(s):

The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.

File Name:

qemu-0.15.0/roms/ipxe/src/net/80211/sec80211.c

Context:

The highlighted line of code below is the trigger point of this particular Centos 6 crypto weakness.

 	if ( ! ie ) {
		DBG ( "RSN detect: no RSN IE found\n" );
		return NULL;
	}

	return rsn;
}


/**
 * Detect crypto and AKM types from RSN information element
 *
 * @v is_rsn	If TRUE, IE is a new-style RSN information element
 * @v start	Pointer to first byte of @a version field
 * @v end	Pointer to first byte not in the RSN IE
 * @ret secprot	Security handshaking protocol used by network
 * @ret crypt	Cryptosystem used by network
 * @ret rc	Return status code
 *
 * If the IE cannot be parsed, returns an error indication and leaves
 * @a secprot and @a crypt unchanged.
 */
int sec80211_detect_ie ( int is_rsn, u8 *start, u8 *end,
			 enum net80211_security_proto *secprot,
			 enum net80211_crypto_alg *crypt )
{
	enum net80211_security_proto sp;
	enum net80211_crypto_alg cr;
	struct descriptor_map *map;
	u8 *rsn = start;

	/* Set some defaults */
	cr = ( is_rsn ? NET80211_CRYPT_CCMP : NET80211_CRYPT_TKIP );
	sp = NET80211_SECPROT_EAP;

	rsn += 2;		/* version - already checked */
	rsn += 4;		/* group cipher - we don't use it here */

	if ( rsn >= end )
		goto done;

	/* Pick crypto algorithm */
	map = rsn_pick_desc ( &rsn, end, rsn_cipher_map,
			      table_start ( NET80211_CRYPTOS ),
			      table_end ( NET80211_CRYPTOS ) );
	if ( ! map )
		goto invalid_rsn;

	cr = map->net80211_type;
 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.