Usage of CBC (Cipher Block Chaining) Mode with Padding
Last updated
Last updated
Rule ID: java_lang_padding_oracle_encryption_vulnerability
Applicable Languages: Java
Weakness ID: CWE-327
Using a block cipher algorithm mode like CBC (Cipher Block Chaining) with a padding scheme is susceptible to Padding Oracle attacks. This vulnerability occurs because attackers can exploit the padding scheme to decrypt messages.
Avoid using CBC mode with padding for encryption, as this combination is vulnerable to security breaches.
Instead, consider using GCM (Galois/Counter Mode) for encryption implementation. GCM provides a more secure alternative that mitigates the risks associated with CBC mode.
To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our