Missing Optimal Asymmetric Encryption Padding (OAEP)

Overview

Rule ID: java_lang_rsa_no_padding
Applicable Languages: Java
Weakness ID: CWE-780

Description

The RSA encryption algorithm is vulnerable without the use of Optimal Asymmetric Encryption Padding (OAEP). This vulnerability can result in security risks, including information disclosure.

Remediation Guidelines

Always use OAEP with RSA encryption to enhance security and mitigate vulnerabilities.
```
Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithMD5AndMGF1Padding")
```

References

Configuration

PreviousMissing HTTP Only Option in Cookie Configuration NextMissing or Permissive SSL Hostname Verifier

Last updated 8 months ago