VirtualBox

Ticket #8030 (closed defect: fixed)

Opened 3 years ago

Last modified 3 years ago

Protocol violation: Missing padding of hash in Proprietary Certificate SignatureBlob

Reported by: kiilerix
Owned by:
Priority: major
Component: RDP
Version: VirtualBox 4.0.0
Keywords:
Cc:
Guest type: other
Host type: other

Description

http://msdn.microsoft.com/en-us/library/cc240779 "5.3.3.1.3 Validating a Proprietary Certificate" specifies that an RDP server should pad the 16-byte hash to 64 bytes by appending 0+ff*45+1+0 before it signs it.

VirtualBox will, however, sign the 16-byte hash without padding and thus violate the standard.

There is no security in RDP Proprietary Certificates and most clients don't verify the certificate, but not complying with the specification prevents interoperability with more standards-compliant clients.

Seen with VirtualBox-4.0-4.0.0_69151_fedora14-1.i686 and Oracle_VM_VirtualBox_Extension_Pack-4.0.0-69151.vbox-extpack (and also seen with version 3).
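
The padding layout described in this ticket, as an added example (not VirtualBox code and not part of the original report): `pad_hash` builds the 64-byte block, and `check_recovered_block` shows how a strict client would tell a compliant block from an unpadded one. The RSA step is left out; the function names, the sample data and the zero-extended form of the unpadded case are assumptions.

```python
import hashlib
import hmac

HASH_LEN = 16    # MD5 digest size (the 16-byte hash from the ticket)
BLOCK_LEN = 64   # padded size stated in the ticket
# Bytes appended after the hash: 0x00, 45 x 0xFF, 0x01, 0x00
PAD_TAIL = b"\x00" + b"\xff" * 45 + b"\x01" + b"\x00"


def pad_hash(digest: bytes) -> bytes:
    """Return the 64-byte block a compliant server signs."""
    if len(digest) != HASH_LEN:
        raise ValueError("expected a 16-byte hash")
    return digest + PAD_TAIL


def check_recovered_block(block: bytes, expected: bytes) -> str:
    """Classify the block a client recovers from SignatureBlob."""
    if len(block) != BLOCK_LEN:
        return "bad-length"
    if not hmac.compare_digest(block[:HASH_LEN], expected):
        return "hash-mismatch"
    tail = block[HASH_LEN:]
    if tail == PAD_TAIL:
        return "ok"
    # Assumption: an unpadded hash shows up zero-extended to 64 bytes.
    if tail == bytes(BLOCK_LEN - HASH_LEN):
        return "unpadded"
    return "bad-padding"


# Constructed sample input, not a real certificate.
SAMPLE_CERT_FIELDS = b"constructed proprietary certificate fields"
SAMPLE_DIGEST = hashlib.md5(SAMPLE_CERT_FIELDS).digest()

if __name__ == "__main__":
    good = pad_hash(SAMPLE_DIGEST)
    bare = SAMPLE_DIGEST + bytes(BLOCK_LEN - HASH_LEN)
    print(check_recovered_block(good, SAMPLE_DIGEST))
    print(check_recovered_block(bare, SAMPLE_DIGEST))
```

A client that returns anything other than "ok" here rejects the certificate, which is the interoperability failure the report describes.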

Change History

comment:1 Changed 3 years ago by sunlover

Next VBox version will include the fix for the minor issue.

comment:2 Changed 3 years ago by kiilerix

Cool. Let me know and I will test it.

comment:3 Changed 3 years ago by frank

  • Status changed from new to closed
  • Resolution set to fixed

Fixed in 4.0.2 or 4.0.4.
