DerScanner
Home / Vulnerability Database / Rust : Unsafe padding
Rust

Rust : Unsafe padding

Classification

OWASP Top 10 2013
A6-Sensitive Data Exposure
OWASP Top 10 2017
A3-Sensitive Data Exposure
OWASP Top 10 2021
A2-Cryptographic FailuresA4-Insecure Design
OWASP MASVS
V3: 3.2.(L1/L2/L1+R/L2+R)V3: 3.4.(L1/L2/L1+R/L2+R)V8: 8.13.(L1+R/L2+R)
OWASP ASVS
Stored CryptographyAuthenticationAuthenticationAuthentication
PCI DSS 4.0
3.6.16.2.48.3.2
HIPAA
§164.312 (a)(2)(iv)
CWE
CWE-327CWE-1032
CWE/SANS Top 25 2011
CWE-327

Overview

The application uses encryption algorithm with incorrect padding which significantly weakens the encryption.

In case of asymmetric encryption you shouldn’t use RSA encryption algorithm without OAEP. The OAEP algorithm is used to preprocess messages before using RSA. The message is padded to a fixed length using OAEP and encrypted using RSA. This scheme of encryption is called RSA-OAEP.

In case of symmetric encryption the preferred method of ciphertext blocks supplementing is PKCS7, PKCS5 can also be used. Using methods with an unsuitable block dimension is unsafe.

In order to protect valuable data, use well tested implementations of standard encryption algorithms with sufficiently long keys.

Insufficient Cryptography vulnerabilities take the fifth place in the “OWASP Top 10 2016” mobile application vulnerabilities ranking.

References

  1. OWASP Top 10 2013-A6-Sensitive Data Exposure
  2. How to Encrypt Properly with RSA (pdf)
  3. What specific padding weakness does OAEP address in RSA? - security.stackexchange.com
  4. OWASP Top 10 2017-A3-Sensitive Data Exposure
  5. CWE-327
  6. CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
  7. Encrypting and Hashing Data - developer.apple.com
  8. Bleichenbacher’s attack
CRITICAL

DerScanner Severity Score

Do you want to fix Rust : Unsafe padding in your application?

See also

Rust

Rust : Buffer overflow

Rust

Rust : Empty salt

Rust

Rust : Hardcoded salt