CWE-780: Use of RSA Algorithm without OAEP

The product uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Medium

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

Padding schemes are often used with cryptographic algorithms to make the plaintext less predictable and complicate attack efforts. The OAEP scheme is often used with RSA to nullify the impact of predictable common text.

CWE-780: Use of RSA Algorithm without OAEP

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to detect it

Automated Static Analysis

Code examples

Frequently asked questions

What is CWE-780?

What CVEs are caused by CWE-780?

How is CWE-780 detected?

What are the consequences of CWE-780?

Is CWE-780 actively exploited?

References

Stay ahead of CWE-780

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to detect it

Automated Static Analysis

Code examples

Related weaknesses

Parent

Frequently asked questions

What is CWE-780?

What CVEs are caused by CWE-780?

How is CWE-780 detected?

What are the consequences of CWE-780?

Is CWE-780 actively exploited?

References

Stay ahead of CWE-780