Usage of CBC (Cipher Block Chaining) Mode with Padding
Overview
Rule ID:
java_lang_padding_oracle_encryption_vulnerability
Applicable Languages: Java
Weakness ID: CWE-327
Description
Using a block cipher algorithm mode like CBC (Cipher Block Chaining) with a padding scheme is susceptible to Padding Oracle attacks. This vulnerability occurs because attackers can exploit the padding scheme to decrypt messages.
Remediation Guidelines
Avoid using CBC mode with padding for encryption, as this combination is vulnerable to security breaches.
Instead, consider using GCM (Galois/Counter Mode) for encryption implementation. GCM provides a more secure alternative that mitigates the risks associated with CBC mode.
References
Configuration
To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL
Last updated