fedora 24
crypto weakness #290
Weakness Breakdown
Definition:
This weakness involves creating non-standard or non-tested algorithms, using weak algorithms or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are commonly later found to be unsafe, as the algorithms were broken.
Warning code(s):
The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.
File Name:
dx-4.4.4/src/exec/dpexec/license.c
Context:
The highlighted line of code below is the trigger point of this particular Fedora 24 crypto weakness.
if (ltype == MPLIC) {
if (cryptTime[0] != 'A' ||
cryptTime[10] != '9' ||
cryptTime[12] != 'D') {
strcat(messagebuf,"You are running an Expired trial version of Data Explorer.\n");
return ERROR;
}
if (cryptTime[1] != 'm' ||
cryptTime[11] != 'l' ) {
strcat(messagebuf,"Single processor trial key found, MP will not be enabled.\n");
return ERROR;
}
}
else if (cryptTime[0] != 'A' ||
cryptTime[10] != '9' ||
cryptTime[12] != 'D') {
DXMessage("You are running an Expired trial version of Data Explorer.");
return ERROR;
}
myCryptHost = crypt(host, KEY1);
host_match = strcmp(cryptHost, myCryptHost) == 0;
if (!host_match) {
myCryptHost = crypt(ANYWHERE_HOSTID, KEY1);
host_match = strcmp(cryptHost, myCryptHost) == 0;
}
if (!host_match) {
if (ltype == MPLIC)
strcat(messagebuf,
"you are running a trial version of Data Explorer"
" on an unlicensed host\n");
else
DXMessage("You are running a trial version of Data Explorer"
" on an unlicensed host.");
return ERROR;
}
if(cryptTime[1]=='s')
sscanf(cryptTime, "As%08x95D", &timeOut);
else if (cryptTime[1]=='m')
sscanf(cryptTime, "Am%08x9lD", &timeOut);
timeOut ^= 0x12345678;
if (timenow > timeOut) {
if (ltype == MPLIC) {
strcat(messagebuf, 
