The RSA algorithm is used without OAEP padding, thereby making the encryption weak.
When used in practice, RSA is generally combined with some padding scheme. The goal of the padding scheme is to prevent a number of attacks that potentially work against RSA without padding.
Example 1: The following code creates an RSA cipher without appropriate padding.
public Cipher getRSACipher() {
Cipher rsa = null;
try {
rsa = javax.crypto.Cipher.getInstance("RSA/NONE/NoPadding");
}
catch (java.security.NoSuchAlgorithmException e) {
log("this should never happen", e);
}
catch (javax.crypto.NoSuchPaddingException e) {
log("this should never happen", e);
}
return rsa;
}
[1] Standards Mapping - OWASP Top 10 2010 - (OWASP 2010) A7 Insecure Cryptographic Storage
[2] Standards Mapping - OWASP Top 10 2007 - (OWASP 2007) A8 Insecure Cryptographic Storage
[3] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A8 Insecure Storage
[4] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP3150.1 CAT II
[5] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 325
[6] Standards Mapping - Web Application Security Consortium 24 + 2 - (WASC 24 + 2) Information Leakage
[7] Standards Mapping - FIPS200 - (FISMA) MP
[8] OPENSSL Documentation
[9] PKCS #1 v2.1: RSA Cryptography Standard
[10] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 - (PCI 1.2) Requirement 6.3.1.3, Requirement 6.5.8
[11] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 - (PCI 2.0) Requirement 6.5.3
[12] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 - (PCI 1.1) Requirement 6.5.8
[13] Wikipedia