Ticket #8030 (closed defect: fixed)
Protocol violation: Missing padding of hash in Proprietary Certificate SignatureBlob
Reported by: kiilerix | Owned by:
http://msdn.microsoft.com/en-us/library/cc240779 "220.127.116.11.3 Validating a Proprietary Certificate" specifies that an RDP server should pad the 16-byte hash to 64 bytes by appending 0+ff*45+1+0 before it signs it.
VirtualBox will, however, sign the 16-byte hash without padding and thus violates the standard.
There is no security in RDP Proprietary Certificates and most clients don't verify the certificate, but not complying with the specification prevents interoperability with more standards-compliant clients.
Seen with VirtualBox-4.0-4.0.0_69151_fedora14-1.i686 and Oracle_VM_VirtualBox_Extension_Pack-4.0.0-69151.vbox-extpack (and also seen with version 3).
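
The padding rule quoted in the report, as an added example that is not part of the original ticket or of VirtualBox's code: it builds the 64-byte block a compliant server signs and classifies a recovered signature block as compliant or unpadded. The function names, the use of MD5 for the 16-byte hash, and the assumption that an unpadded block shows up as the bare hash (optionally zero-extended) are illustrative assumptions.

```python
import hashlib
import hmac

HASH_LEN = 16   # length of the hash named in the ticket
BLOCK_LEN = 64  # length of the block that is actually signed
# Padding as described in the ticket: 0x00, 45 x 0xff, 0x01, 0x00
PADDING = b"\x00" + b"\xff" * 45 + b"\x01\x00"


def pad_hash(digest: bytes) -> bytes:
    """Return the 64-byte block a compliant server signs (hypothetical helper)."""
    if len(digest) != HASH_LEN:
        raise ValueError("expected a 16-byte hash, got %d bytes" % len(digest))
    block = digest + PADDING
    if len(block) != BLOCK_LEN:
        raise RuntimeError("padding constant is inconsistent with block size")
    return block


def classify_block(block: bytes, expected_digest: bytes) -> str:
    """Classify a recovered signature block against the expected hash.

    Assumption: 'block' is the value obtained after applying the public
    key to the SignatureBlob, already laid out hash-first.
    """
    if len(block) == BLOCK_LEN and hmac.compare_digest(block, pad_hash(expected_digest)):
        return "compliant"
    head, tail = block[:HASH_LEN], block[HASH_LEN:]
    # The behaviour reported in the ticket: the bare hash was signed, so
    # nothing (or only zero bytes) follows it.
    if hmac.compare_digest(head, expected_digest) and tail.strip(b"\x00") == b"":
        return "unpadded"
    if len(block) == BLOCK_LEN and tail == PADDING:
        return "hash-mismatch"  # padding is right, certificate body differs
    return "malformed"


if __name__ == "__main__":
    # Constructed sample input, not a real certificate.
    digest = hashlib.md5(b"constructed certificate body").digest()
    print(classify_block(pad_hash(digest), digest))       # compliant server
    print(classify_block(digest + b"\x00" * 48, digest))  # hash signed without padding
```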