fedora 24
crypto weakness #299

4

Weakness Breakdown


Definition:

This weakness involves creating non-standard or non-tested algorithms, using weak algorithms or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are commonly later found to be unsafe, as the algorithms were broken.

Warning code(s):

The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.

File Name:

alpine-2.20/imap/src/osdep/unix/ckp_dce.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 crypto weakness.

  * Returns: passwd struct if password validated, NIL otherwise
 */

#include <dce/rpc.h>
#include <dce/sec_login.h>

struct passwd *checkpw (struct passwd *pw,char *pass,int argc,char *argv[])
{
  sec_passwd_rec_t pwr;
  sec_login_handle_t lhdl;
  boolean32 rstpwd;
  sec_login_auth_src_t asrc;
  error_status_t status;
  FILE *fd;
				/* easy case */
  if (pw->pw_passwd && pw->pw_passwd[0] && pw->pw_passwd[1] &&
      !strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) return pw;
				/* try DCE password cache file */
  if (fd = fopen (PASSWD_OVERRIDE,"r")) {
    char *usr = cpystr (pw->pw_name);
    while ((pw = fgetpwent (fd)) && strcmp (usr,pw->pw_name));
    fclose (fd);		/* finished with cache file */
				/* validate cached password */
    if (pw && pw->pw_passwd && pw->pw_passwd[0] && pw->pw_passwd[1] &&
	!strcmp (pw->pw_passwd,(char *) crypt (pass,pw->pw_passwd))) {
      fs_give ((void **) &usr);
      return pw;
    }
    if (!pw) pw = getpwnam (usr);
    fs_give ((void **) &usr);
  }
  if (pw) {			/* try S-L-O-W DCE... */
    sec_login_setup_identity ((unsigned_char_p_t) pw->pw_name,
			      sec_login_no_flags,&lhdl,&status);
    if (status == error_status_ok) {
      pwr.key.tagged_union.plain = (idl_char *) pass;
      pwr.key.key_type = sec_passwd_plain;
      pwr.pepper = NIL;
      pwr.version_number = sec_passwd_c_version_none;
				/* validate password with login context */
      sec_login_validate_identity (lhdl,&pwr,&rstpwd,&asrc,&status);
      if (!rstpwd && (asrc == sec_login_auth_src_network) &&
	  (status == error_status_ok)) {
	sec_login_purge_context (&lhdl,&status);
	if (status == error_status_ok) return pw;
      }
    }
  }
  return NIL;			/* password validation failed */
} 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.