Usage of CBC (Cipher Block Chaining) Mode with Padding

Overview

Rule ID: java_lang_padding_oracle_encryption_vulnerability
Applicable Languages: Java
Weakness ID: CWE-327

Description

Using a block cipher algorithm mode like CBC (Cipher Block Chaining) with a padding scheme is susceptible to Padding Oracle attacks. This vulnerability occurs because attackers can exploit the padding scheme to decrypt messages.

Remediation Guidelines

Avoid using CBC mode with padding for encryption, as this combination is vulnerable to security breaches.
```
Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding"); // unsafe
```
Instead, consider using GCM (Galois/Counter Mode) for encryption implementation. GCM provides a more secure alternative that mitigates the risks associated with CBC mode.
```
Cipher c = Cipher.getInstance("AES/GCM/PKCS5Padding");
```

References

Configuration

PreviousUsage of bad hex conversion on digest array NextUsage of custom Digest class

Last updated 8 months ago