fedora 23
crypto weakness #548
Weakness Breakdown
Definition:
This weakness involves creating non-standard or non-tested algorithms, using weak algorithms or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are commonly later found to be unsafe, as the algorithms were broken.
Warning code(s):
The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.
File Name:
aqbanking-5.5.1/src/plugins/backends/aqhbci/plugin/msglayer/msgcrypt_pintan.c
Context:
The highlighted line of code below is the trigger point of this particular Fedora 23 crypto weakness.
/***************************************************************************
$ RCSfile$
-------------------
cvs : $ Id: msgcrypt.inc 1109 2007-01-10 14:30:14Z martin $
begin : Mon Mar 01 2004
copyright : (C) 2004 by Martin Preuss
email : martin@libchipcard.de
***************************************************************************
* Please see toplevel file COPYING for license details *
***************************************************************************/
int AH_MsgPinTan_PrepareCryptoSeg(AH_MSG *hmsg,
AB_USER *u,
GWEN_DB_NODE *cfg,
int crypt,
int createCtrlRef) {
char sdate[9];
char stime[7];
char ctrlref[15];
struct tm *lt;
time_t tt;
const char *userId;
const char *peerId;
assert(hmsg);
assert(u);
assert(cfg);
userId=AB_User_GetUserId(u);
assert(userId);
assert(*userId);
peerId=AH_User_GetPeerId(u);
if (!peerId || *peerId==0)
peerId=userId;
tt=time(0);
lt=localtime(&tt);
if (createCtrlRef) {
/* create control reference */
if (!strftime(ctrlref, sizeof(ctrlref),
"%Y%m%d%H%M%S", lt)) {
DBG_INFO(AQHBCI_LOGDOMAIN, "CtrlRef string too long");
return GWEN_ERROR_INTERNAL;
}
GWEN_DB_SetCharValue(cfg, GWEN_DB_FLAGS_DEFAULT, 
