[cifs-protocol] [MS-SFU] Clarify the new NonForwardableDelegation flag

Isaac Boukris iboukris at gmail.com
Fri Jul 9 15:12:46 UTC 2021

Hello dochelp!

I noticed this article [1] about CVE-2020-16996 where a new flag is
introduced 'NonForwardableDelegation' in constrained-delegation
protocol but couldn't find any update to MS-SFU on how this flag
affects the protocol behavior. Can you please update the documentation
and elaborate on this statement: "When this protection if enabled, it
unifies the logic for Resource-Based Constrained Delegation (RBCD)
with the original constrained delegation."

[1] https://support.microsoft.com/en-us/topic/managing-deployment-of-rbcd-protected-user-changes-for-cve-2020-16996-9a59a49f-20b9-a292-f205-da9da0ff24d3


More information about the cifs-protocol mailing list