[cifs-protocol] MSFT-CVE-2022-21925 MS-BKRP 3.2.4.1 Performing Client-Side Wrapping of Secrets - TrackingID#2207200040005482
Andrew Bartlett
abartlet at samba.org
Mon Jul 25 21:37:07 UTC 2022
On Mon, 2022-07-25 at 16:55 +0200, Stefan Metzmacher via cifs-protocol
wrote:
> Ok, at this point we managed to get it working by removing the
> BCKUPKEY_PREFERRED (symlink),
>
> which means a new public key pair with a new certificate was
> generated (with a current samba version).
>
> It seems certificates generated by 10 year old samba versions are not
> accepted.
>From memory I think they got generated short, perhaps by just 1 bit
(the leading bit was 0) or our key length was 1024 or such.
Andrew,
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
More information about the cifs-protocol
mailing list