Ticket #8030 (closed defect: fixed)

Opened 10 years ago

Last modified 9 years ago

Protocol violation: Missing padding of hash in Proprietary Certificate SignatureBlob

Reported by: kiilerix
Owned by:
Component: RDP
Version: VirtualBox 4.0.0
Keywords:
Cc:
Guest type: other
Host type: other

Description

"Validating a Proprietary Certificate" specifies that an RDP server should pad the 16-byte hash to 64 bytes by appending 0+ff*45+1+0 before it signs it.

VirtualBox will, however, sign the 16-byte hash without padding and thus violates the standard.

There is no security in RDP Proprietary Certificates and most clients don't verify the certificate, but not complying with the specification prevents interoperability with more standard-compliant clients.

Seen with VirtualBox-4.0-4.0.0_69151_fedora14-1.i686 and Oracle_VM_VirtualBox_Extension_Pack-4.0.0-69151.vbox-extpack (and also seen with version 3).
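
The padding rule from the description, written out as an added example (not part of the original report and not VirtualBox or client code): it builds the 64-byte block a server should sign and shows how a strict client would tell a compliant block from an unpadded one. The function names and result labels are hypothetical, and the "unpadded" layout (the hash followed by 48 zero bytes once the client has recovered the block from the SignatureBlob) is an assumption.

```python
import hmac

HASH_LEN = 16   # size of the hash named in the ticket
BLOCK_LEN = 64  # size of the block that gets signed
# Padding as written in the ticket: 0 + ff*45 + 1 + 0 (48 bytes in total).
PADDING = b"\x00" + b"\xff" * 45 + b"\x01" + b"\x00"


def pad_hash(digest: bytes) -> bytes:
    """Server side: build the 64-byte block that is signed."""
    if len(digest) != HASH_LEN:
        raise ValueError(f"expected a {HASH_LEN}-byte hash, got {len(digest)}")
    return digest + PADDING


def classify_block(block: bytes, expected_digest: bytes) -> str:
    """Client side: classify a block recovered from the SignatureBlob.

    Returns "compliant", "unpadded", "bad-padding" or "mismatch".
    """
    if len(expected_digest) != HASH_LEN:
        raise ValueError(f"expected a {HASH_LEN}-byte hash")
    if len(block) != BLOCK_LEN:
        return "mismatch"
    if not hmac.compare_digest(block[:HASH_LEN], expected_digest):
        return "mismatch"
    tail = block[HASH_LEN:]
    if tail == PADDING:
        return "compliant"
    if tail == bytes(len(PADDING)):
        # Assumed layout of the behaviour reported in the ticket:
        # the bare hash was signed, so everything after it is zero.
        return "unpadded"
    return "bad-padding"


if __name__ == "__main__":
    digest = bytes(range(16))  # constructed sample hash, not a real certificate
    samples = {
        "padded as specified": pad_hash(digest),
        "hash only (constructed)": digest + bytes(48),
    }
    for name, block in samples.items():
        print(f"{name}: {classify_block(block, digest)}")
```

A client that accepts only "compliant" blocks rejects the unpadded signature, which is the interoperability failure the ticket describes.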

Change History

comment:1 Changed 10 years ago by sunlover

Next VBox version will include the fix for the minor issue.

comment:2 Changed 10 years ago by kiilerix

Cool. Let me know and I will test it.

comment:3 Changed 9 years ago by frank

  • Status changed from new to closed
  • Resolution set to fixed

Fixed in 4.0.2 or 4.0.4.
