Inadequate Encryption Strength
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
Using RSA with no padding (the `RSA/ECB/NoPadding` transformation in Java) applies the raw RSA function c = m^e mod n, commonly called textbook RSA. Textbook RSA is deterministic, so identical plaintexts produce identical ciphertexts and an attacker holding only the public key can recognise repeated messages or confirm guesses of a low-entropy plaintext by encrypting candidates and comparing. It is also malleable: multiplying a ciphertext by s^e mod n yields a valid ciphertext of s * m mod n, again without the private key. A short message encrypted under a small public exponent can be recovered outright by taking an integer e-th root of the ciphertext. RSA encryption must always use a secure padding scheme; RSAES-OAEP (for example `RSA/ECB/OAEPWithSHA-256AndMGF1Padding`) is the recommended choice, and PKCS#1 v1.5 encryption padding is not a safe fallback because of padding-oracle attacks.
Impact
An attacker who can observe ciphertexts can tell when the same message is sent twice and can confirm guesses of a plaintext drawn from a small space, such as a PIN, password or short token, by encrypting candidates with the public key and comparing the result. An attacker who can submit ciphertexts can change the decrypted value in a predictable way without the private key, turning a ciphertext of m into one of s * m mod n. Small messages under a small public exponent can be recovered directly from the ciphertext. The consequences are exposure of confidential data, unauthorized access when the encrypted value gates authentication or authorization, and data integrity failures wherever the application trusts whatever value the decryption returns.
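The transformation this rule flags beside the OAEP replacement it recommends, with the two properties described above (determinism and malleability) demonstrated on a freshly generated 2048-bit key. This is an added example, not code from the original page; the class name, method names and the sample plaintext are assumptions constructed for the demonstration.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class RsaPaddingDemo {

    // VULNERABLE: textbook RSA, c = m^e mod n. This is the usage the rule flags.
    static byte[] encryptNoPadding(KeyPair kp, byte[] plaintext) throws Exception {
        Cipher cipher = Cipher.getInstance("RSA/ECB/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        return cipher.doFinal(plaintext);
    }

    // Decryption side of the vulnerable code, used below to show malleability.
    // With NoPadding the JDK returns the full modulus-length value, leading zeros included.
    static byte[] decryptNoPadding(KeyPair kp, byte[] ciphertext) throws Exception {
        Cipher cipher = Cipher.getInstance("RSA/ECB/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, kp.getPrivate());
        return cipher.doFinal(ciphertext);
    }

    // HARDENED: RSAES-OAEP. The OAEPParameterSpec is passed explicitly because the JDK
    // transformation string alone leaves the MGF1 digest at SHA-1, which breaks
    // interoperability with peers that use SHA-256 throughout.
    static final OAEPParameterSpec OAEP_SHA256 = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    static byte[] encryptOaep(KeyPair kp, byte[] plaintext) throws Exception {
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        cipher.init(Cipher.ENCRYPT_MODE, kp.getPublic(), OAEP_SHA256);
        return cipher.doFinal(plaintext);
    }

    static byte[] decryptOaep(KeyPair kp, byte[] ciphertext) throws Exception {
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        cipher.init(Cipher.DECRYPT_MODE, kp.getPrivate(), OAEP_SHA256);
        return cipher.doFinal(ciphertext);
    }

    // Big-endian encoding of x in exactly len bytes (BigInteger.toByteArray may add a sign byte).
    static byte[] toFixedLength(BigInteger x, int len) {
        byte[] raw = x.toByteArray();
        byte[] out = new byte[len];
        int copy = Math.min(raw.length, len);
        System.arraycopy(raw, raw.length - copy, out, len - copy, copy);
        return out;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] m = "PIN=4821".getBytes(StandardCharsets.UTF_8); // constructed sample plaintext

        // 1. Determinism: the same plaintext always yields the same textbook-RSA ciphertext,
        //    so an attacker can confirm a guessed PIN by encrypting candidates with the public key.
        byte[] c1 = encryptNoPadding(kp, m);
        byte[] c2 = encryptNoPadding(kp, m);
        System.out.println("NoPadding repeats ciphertext: " + Arrays.equals(c1, c2));

        byte[] o1 = encryptOaep(kp, m);
        byte[] o2 = encryptOaep(kp, m);
        System.out.println("OAEP repeats ciphertext:      " + Arrays.equals(o1, o2));
        System.out.println("OAEP round trip ok:           " + Arrays.equals(m, decryptOaep(kp, o1)));

        // 2. Malleability: from c = m^e mod n, anyone holding only the public key can build
        //    c' = c * s^e mod n, which the private key decrypts to s*m mod n.
        RSAPublicKey pub = (RSAPublicKey) kp.getPublic();
        BigInteger n = pub.getModulus();
        BigInteger e = pub.getPublicExponent();
        int k = (n.bitLength() + 7) / 8;
        BigInteger s = BigInteger.valueOf(3);
        BigInteger forged = new BigInteger(1, c1).multiply(s.modPow(e, n)).mod(n);

        BigInteger decrypted = new BigInteger(1, decryptNoPadding(kp, toFixedLength(forged, k)));
        BigInteger expected = new BigInteger(1, m).multiply(s).mod(n);
        System.out.println("Forged ciphertext decrypts to 3*m: " + decrypted.equals(expected));

        // OAEP rejects the same manipulation: the integrity check in the unpadding step fails.
        BigInteger forgedOaep = new BigInteger(1, o1).multiply(s.modPow(e, n)).mod(n);
        try {
            decryptOaep(kp, toFixedLength(forgedOaep, k));
            System.out.println("OAEP accepted tampered ciphertext (unexpected)");
        } catch (BadPaddingException ex) {
            System.out.println("OAEP rejected tampered ciphertext");
        }
    }
}
```

Running the class shows the two NoPadding ciphertexts equal and the forged ciphertext decrypting to three times the original message, while the two OAEP ciphertexts differ, the OAEP round trip succeeds, and the tampered OAEP ciphertext is rejected with a `BadPaddingException`. The fix for code flagged by this rule is the `encryptOaep` / `decryptOaep` pair; keep the `OAEPParameterSpec` so that both the OAEP hash and the MGF1 hash are pinned to SHA-256 on every platform that has to decrypt the data.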