centos 7
crypto weakness #294


Weakness Breakdown


Definition:

This weakness covers creating non-standard or untested algorithms, using weak algorithms, or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are commonly found to be unsafe later, once they have been broken.

Warning code(s):

The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.

File Name:

mgetty-1.1.36/contrib/next-login/login.c

Context:

The trigger point of this CentOS 7 crypto weakness is the call p = crypt(pp, salt); in the excerpt below, where the password read by getpass() is hashed for comparison against the stored entry. Whether crypt() really uses the DES-based scheme depends on the salt: glibc selects the algorithm from the salt prefix, and only a bare two-character salt (a traditional 13-character hash) gives the 8-character truncation and 12-bit salt that the warning describes.

 			fprintf(stderr, "%s login refused on this terminal.\n",
				pwd->pw_name);
			if (hostname)
				syslog(LOG_NOTICE,
					"LOGIN %s REFUSED FROM %s ON TTY %s",
					pwd->pw_name, hostname, tty);
			else
				syslog(LOG_NOTICE,
					"LOGIN %s REFUSED ON TTY %s",
					pwd->pw_name, tty);
			continue;
		}
#endif


		/*
		 * If no pre-authentication and a password exists
		 * for this user, prompt for one and verify it.
		 */
		if (!passwd_req || (pwd && !*pwd->pw_passwd))
			break;

		setpriority(PRIO_PROCESS, 0, -4);
		pp = getpass("Password:");
		p = crypt(pp, salt);
		setpriority(PRIO_PROCESS, 0, 0);

#ifdef	KERBEROS

		/*
		 * If not present in pw file, act as we normally would.
		 * If we aren't Kerberos-authenticated, try the normal
		 * pw file for a password.  If that's ok, log the user
		 * in without issueing any tickets.
		 */

		if (pwd && !krb_get_lrealm(realm,1)) {
			/*
			 * get TGT for local realm; be careful about uid's
			 * here for ticket file ownership
			 */
			(void)setreuid(geteuid(),pwd->pw_uid);
			kerror = krb_get_pw_in_tkt(pwd->pw_name, "", realm,
				"krbtgt", realm, DEFAULT_TKT_LIFE, pp);
			(void)setuid(0);
			if (kerror == INTK_OK) {
				bzero(pp, strlen(pp));
				notickets = 0;	/* user got ticket */
				break;
			} 
