[cifs-protocol] MSFT-CVE-2022-21925 MS-BKRP Performing Client-Side Wrapping of Secrets - TrackingID#2207200040005482

Andrew Bartlett abartlet at samba.org
Mon Jul 25 21:37:07 UTC 2022

On Mon, 2022-07-25 at 16:55 +0200, Stefan Metzmacher via cifs-protocol
> Ok, at this point we managed to get it working by removing the
> which means a new public key pair with a new certificate was
> generated (with a current samba version).
> It seems certificates generated by 10 year old samba versions are not
> accepted.

>From memory I think they got generated short, perhaps by just 1 bit
(the leading bit was 0) or our key length was 1024 or such.


Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source

More information about the cifs-protocol mailing list