VirtualBox

Opened 13 years ago

Closed 13 years ago

#8030 closed defect (fixed)

Protocol violation: Missing padding of hash in Proprietary Certificate SignatureBlob

Reported by: kiilerix
Owned by:
Component: RDP
Version: VirtualBox 4.0.0
Keywords:
Cc:
Guest type: other
Host type: other

Description

http://msdn.microsoft.com/en-us/library/cc240779 "5.3.3.1.3 Validating a Proprietary Certificate" specifies that an RDP server should pad the 16-byte hash to 64 bytes by appending 0+ff*45+1+0 before it signs it.

VirtualBox will, however, sign the 16-byte hash without padding and thus violates the standard.

There is no security in RDP Proprietary Certificates and most clients don't verify the certificate, but not complying with the specification prevents interoperability with more standards-compliant clients.

Seen with VirtualBox-4.0-4.0.0_69151_fedora14-1.i686 and Oracle_VM_VirtualBox_Extension_Pack-4.0.0-69151.vbox-extpack (and also seen with version 3).
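The padding layout described in this ticket, as an added example that is not part of the original report or of VirtualBox's code: it builds the 64-byte block a compliant server signs and classifies a recovered block the way a strict client would. Assumptions: the function names are hypothetical, the block has already been recovered with the RSA public-key operation and is given in the byte order the ticket lists, the hash is MD5 as in the linked specification, and an unpadded signature decodes to the hash followed by zero bytes.

```python
import hashlib
import hmac

HASH_LEN = 16    # size of the hash named in the ticket
BLOCK_LEN = 64   # padded size named in the ticket
# Bytes appended after the hash: 0x00, 45 x 0xFF, 0x01, 0x00 (48 bytes in total).
PAD = b"\x00" + b"\xff" * 45 + b"\x01" + b"\x00"


def pad_hash(digest: bytes) -> bytes:
    """Return the 64-byte block that a compliant server signs."""
    if len(digest) != HASH_LEN:
        raise ValueError("expected a 16-byte hash")
    return digest + PAD


def classify_block(block: bytes, expected_digest: bytes) -> str:
    """Classify a recovered signature block (hypothetical helper)."""
    if len(block) != BLOCK_LEN:
        return "bad-length"
    if not hmac.compare_digest(block[:HASH_LEN], expected_digest):
        return "hash-mismatch"
    tail = block[HASH_LEN:]
    if hmac.compare_digest(tail, PAD):
        return "ok"
    # Assumption: a server that signs the bare hash yields hash + zero bytes.
    if tail == bytes(len(tail)):
        return "unpadded"
    return "bad-padding"


# Constructed sample input, not real certificate data.
SAMPLE_DIGEST = hashlib.md5(b"constructed certificate fields").digest()
COMPLIANT = pad_hash(SAMPLE_DIGEST)
UNPADDED = SAMPLE_DIGEST + bytes(BLOCK_LEN - HASH_LEN)

if __name__ == "__main__":
    for name, blk in (("compliant", COMPLIANT), ("unpadded", UNPADDED)):
        print(name, classify_block(blk, SAMPLE_DIGEST))
```

A client that only compares the first 16 bytes accepts both sample blocks, which is why the missing padding shows up only with stricter clients.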

Change History (3)

comment:1 by sunlover, 13 years ago

Next VBox version will include the fix for the minor issue.

comment:2 by kiilerix, 13 years ago

Cool. Let me know and I will test it.

comment:3 by Frank Mehnert, 13 years ago

Resolution: fixed
Status: new → closed

Fixed in 4.0.2 or 4.0.4.
