[cifs-protocol] MSFT-CVE-2022-21925 MS-BKRP Performing Client-Side Wrapping of Secrets - TrackingID#2207200040005482

Stefan Metzmacher metze at samba.org
Mon Jul 25 21:45:06 UTC 2022

Am 25.07.22 um 23:37 schrieb Andrew Bartlett:
> On Mon, 2022-07-25 at 16:55 +0200, Stefan Metzmacher via cifs-protocol
> wrote:
>> Ok, at this point we managed to get it working by removing the
>> which means a new public key pair with a new certificate was
>> generated (with a current samba version).
>> It seems certificates generated by 10 year old samba versions are not
>> accepted.
>  From memory I think they got generated short, perhaps by just 1 bit
> (the leading bit was 0) or our key length was 1024 or such.

2047 bits, but there were also a lot of other differences.

I also noticed Windows is using an null terminated utf-16le string
as gnutls_x509_crt_set_[issuer_]dn(), see


More information about the cifs-protocol mailing list