Variant · Incomplete

CWE-780: Use of RSA Algorithm without OAEP

Category: other

Description

The product uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption. Padding schemes are often used with cryptographic algorithms to make the plaintext less predictable and complicate attack efforts. The OAEP scheme is often used with RSA to nullify the impact of predictable common text.

Common consequences

  • Access Control — Bypass Protection Mechanism
    Without OAEP in RSA encryption, it will take less work for an attacker to decrypt the data or to infer patterns from the ciphertext.

References

  1. https://cwe.mitre.org/data/definitions/780.html

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Missing Cryptographic Step
  • CWE: Inadequate Encryption Strength
  • CWE: Use of a Cryptographic Primitive with a Risky Implementation
  • CWE: Use of a Broken or Risky Cryptographic Algorithm
  • CWE: Missing Critical Step in Authentication
  • CWE: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.