CWE

Use of RSA Algorithm without OAEP

ID: 780		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: INCOMPLETE
Abstraction Type: Variant

Description

The software uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption.

Extended Description

Padding schemes are often used with cryptographic algorithms to make the plaintext less predictable and complicate attack efforts. The OAEP scheme is often used with RSA to nullify the impact of predictable common text.

Likelihood of Exploit: Medium

Applicable Platforms
None

Time Of Introduction

• Architecture and Design
• Implementation

Common Consequences

Scope	Technical Impact	Notes
Access_Control	Bypass protection mechanism	Without OAEP in RSA encryption, it will take less work for an attacker to decrypt the data or to infer patterns from the ciphertext.

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWE	Type	View	Chain
CWE-780 ChildOf CWE-310	Category	CWE-699

Demonstrative Examples   (Details)

1. The example below attempts to build an RSA cipher.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings
None

References:

1. Ronald L. Rivest Burt Kaliski .RSA Problem. 2003-12-10.
2. .Optimal Asymmetric Encryption Padding. Wikipedia. 2009-07-08.