Use of RSA Algorithm without OAEP
| Property | |
|---|---|
| Language | csharp |
| Severity |  |
| CWE | CWE-780: Use of RSA Algorithm without OAEP |
| OWASP | A02:2021 - Cryptographic Failures |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description#
The code uses the outdated PKCS#1 v1.5 padding for RSA encryption, which is no longer considered secure. Modern best practices recommend using OAEP padding to protect sensitive data during encryption and key exchange.
Impact#
If PKCS#1 v1.5 padding is used, attackers may be able to exploit known weaknesses to decrypt or tamper with encrypted data, potentially exposing confidential information or enabling unauthorized access to secure communications.