Groovy : Unsafe padding
Classification
OWASP Top 10 2013 A6-Sensitive Data Exposure OWASP Top 10 2017 A3-Sensitive Data Exposure OWASP Top 10 2021 A2-Cryptographic Failures A4-Insecure Design OWASP MASVS V3: 3.2.(L1/L2/L1+R/L2+R) V3: 3.4.(L1/L2/L1+R/L2+R) V8: 8.13.(L1+R/L2+R) OWASP ASVS Stored Cryptography Authentication Authentication Authentication PCI DSS 4.0 3.6.1 6.2.4 8.3.2 HIPAA §164.312 (a)(2)(iv) CWE CWE-327 CWE-1032 CWE/SANS Top 25 2011 CWE-327Overview
The application uses encryption algorithm with incorrect padding which significantly weakens the encryption.
In case of asymmetric encryption you shouldn’t use RSA encryption algorithm without OAEP. The OAEP algorithm is used to preprocess messages before using RSA. The message is padded to a fixed length using OAEP and encrypted using RSA. This scheme of encryption is called RSA-OAEP.
In case of symmetric encryption the preferred method of ciphertext blocks supplementing is PKCS7, PKCS5 can also be used. Using methods with an unsuitable block dimension is unsafe.
In order to protect valuable data, use well tested implementations of standard encryption algorithms with sufficiently long keys.
Insufficient Cryptography vulnerabilities take the fifth place in the “OWASP Top 10 2016” mobile application vulnerabilities ranking.
References
- OWASP Top 10 2013-A6-Sensitive Data Exposure
- How to Encrypt Properly with RSA (pdf)
- What specific padding weakness does OAEP address in RSA? - security.stackexchange.com
- OWASP Top 10 2017-A3-Sensitive Data Exposure
- CWE-327
- CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
- Encrypting and Hashing Data - developer.apple.com
- Bleichenbacher’s attack
