• Home
• org.codehaus.sonar-plugins.java
• java-checks
• 2.9
• source code
• S2277.html

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.sonar.l10n.java.rules.squid.S2277.html Maven / Gradle / Ivy

Without OAEP in RSA encryption, it takes less work for an attacker to decrypt the data or infer patterns from the ciphertext.

Noncompliant Code Example
Cipher rsa = javax.crypto.Cipher.getInstance("RSA/NONE/NoPadding");


Compliant Solution
Cipher rsa = javax.crypto.Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");

See

  
MITRE CWE-780 - Use of RSA Algorithm without OAEP
  
MITRE CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  
OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure