SYM_CS_0001 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of RSA Algorithm without OAEP
| Property | Value |
|---|---|
| Language | csharp |
| Severity |  |
| CWE | CWE-780: Use of RSA Algorithm without OAEP |
| OWASP | A02:2021 - Cryptographic Failures |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description
The code uses the outdated PKCS#1 v1.5 padding for RSA encryption, which is no longer considered secure. Modern best practices recommend using OAEP padding to protect sensitive data during encryption and key exchange.
Impact
If PKCS#1 v1.5 padding is used, attackers may be able to exploit known weaknesses to decrypt or tamper with encrypted data, potentially exposing confidential information or enabling unauthorized access to secure communications.