Rules Repository / RSPEC-2277

Cryptographic RSA algorithms should always incorporate OAEP (Optimal Asymmetric Encryption Padding)

    Details

    • Message:
      Use an RSA algorithm with an OAEP (Optimal Asymmetric Encryption Padding).
    • Default Severity:
      Critical
    • Impact:
      High
    • Likelihood:
      Low
    • Covered Languages:
      Java, PHP
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      20min
    • Analysis Scope:
      Main Sources
    • Common Rule:
      Yes
    • CWE:
      CWE-780, CWE-327
    • OWASP:
      A3, A6
    • SANS Top 25:
      Porous Defenses

      Description

      See

          Issue Links

          1. Java RSPEC-4729 Language-Specification Deprecated Unassigned
          2. PHP RSPEC-4730 Language-Specification Deprecated Unassigned

              People

              Assignee:
              Unassigned
              Reporter:
              freddy.mallet Freddy Mallet (Inactive)