Missing Optimal Asymmetric Encryption Padding (OAEP)

Description

RSA encryption is weak when used without Optimal Asymmetric Encryption Padding (OAEP). Unpadded RSA is deterministic, so the same plaintext always produces the same ciphertext under a given key.

Remediations

✅ Always use OAEP when using RSA encryption

  Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithMD5AndMGF1Padding");

Resources

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --skip-rule=java_lang_rsa_no_padding

To run only this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --only-rule=java_lang_rsa_no_padding
