Use of RSA Algorithm without OAEP
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-780: Use of RSA Algorithm without OAEP |
| OWASP | A02:2021 - Cryptographic Failures |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code uses RSA encryption without OAEP (Optimal Asymmetric Encryption Padding), which makes the encryption weaker and more vulnerable to attacks. Using RSA without proper padding can expose sensitive data.
Impact
Attackers who exploit weaknesses in the padding scheme could decrypt or tamper with encrypted data. This can expose confidential information, such as passwords or personal data, and undermine the security of your application.
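The flagged call beside its OAEP replacement, as an added example that is not part of the original page. Go's standard library is an assumption here (the page names no language), and the function names, label values and sample plaintext are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// encryptFlagged: RSA without OAEP (PKCS#1 v1.5), the call this finding reports.
func encryptFlagged(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptPKCS1v15(rand.Reader, pub, msg)
}

// encryptOAEP is the corrected call: RSA-OAEP with SHA-256. The label is
// optional context that must be identical at decryption time.
func encryptOAEP(pub *rsa.PublicKey, msg, label []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, label)
}

func decryptOAEP(priv *rsa.PrivateKey, ct, label []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, label)
}

// verifyOAEP uses a throwaway key and constructed sample data. It reports:
// round trip works, altered ciphertext rejected, wrong label rejected.
func verifyOAEP() (bool, bool, bool, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, false, err
	}
	msg, label := []byte("constructed sample secret"), []byte("example-context")
	ct, err := encryptOAEP(&priv.PublicKey, msg, label)
	if err != nil {
		return false, false, false, err
	}
	pt, err := decryptOAEP(priv, ct, label)
	roundTrip := err == nil && bytes.Equal(pt, msg)
	bad := append([]byte(nil), ct...)
	bad[len(bad)-1] ^= 0x01 // one flipped bit, as from corruption in transit
	_, errTamper := decryptOAEP(priv, bad, label)
	_, errLabel := decryptOAEP(priv, ct, []byte("other-context"))
	return roundTrip, errTamper != nil, errLabel != nil, nil
}

func main() {
	fmt.Println(verifyOAEP())
}
```

Ciphertexts produced by the flagged call use a different padding format and will not decrypt with `decryptOAEP`, so data encrypted before the fix has to be re-encrypted.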