Missing Optimal Asymmetric Encryption Padding (OAEP)

Overview

Rule ID: java_lang_rsa_no_padding
Applicable Languages: Java
Weakness ID: CWE-780

Description

The RSA encryption algorithm is vulnerable without the use of Optimal Asymmetric Encryption Padding (OAEP). This vulnerability can result in security risks, including information disclosure.

Remediation Guidelines

Always use OAEP with RSA encryption to enhance security and mitigate vulnerabilities.
```
Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithMD5AndMGF1Padding")
```

References

Java MessageDigest class
CWE-780: Use of RSA Algorithm without OAEP
OWASP Top 10: A02:2021 - Cryptographic Failures

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousMissing HTTP Only Option in Cookie Configuration NextMissing or Permissive SSL Hostname Verifier

Last updated 1 month ago