[cifs-protocol] MSFT-CVE-2022-21925 MS-BKRP 3.2.4.1 Performing Client-Side Wrapping of Secrets - TrackingID#2207200040005482

Stefan Metzmacher metze at samba.org
Mon Jul 25 21:45:06 UTC 2022


On 25.07.22 at 23:37, Andrew Bartlett wrote:
> On Mon, 2022-07-25 at 16:55 +0200, Stefan Metzmacher via cifs-protocol
> wrote:
>> Ok, at this point we managed to get it working by removing the
>> BCKUPKEY_PREFERRED (symlink),
>>
>> which means a new public key pair with a new certificate was
>> generated (with a current samba version).
>>
>> It seems certificates generated by 10 year old samba versions are not
>> accepted.
> 
> From memory I think they got generated short, perhaps by just 1 bit
> (the leading bit was 0) or our key length was 1024 or such.

2047 bits, but there were also a lot of other differences.

I also noticed Windows is using a null-terminated UTF-16LE string
as gnutls_x509_crt_set_[issuer_]dn(), see
https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=6f74c7351ab027b52c4ad326d059930ac1e88f65

metze



