Weak encryption: inadequate RSA padding
ID: cs/inadequate-rsa-padding
Kind: problem
Severity: warning
Precision: high
Tags:
- security
- external/cwe/cwe-327
- external/cwe/cwe-780
Query suites:
- csharp-code-scanning.qls
- csharp-security-extended.qls
- csharp-security-and-quality.qls
This query finds uses of RSA encryption without secure padding. Using PKCS#1 v1.5 padding can open up your application to several different attacks resulting in the exposure of the encryption key or the ability to determine plaintext from encrypted messages.
Use the more secure PKCS#1 v2 (OAEP) padding.
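
The following added example (not part of the original query help) shows the weak padding choice beside the corrected one using the .NET `RSA` API, and what a receiver that has moved to OAEP does with a PKCS#1 v1.5 ciphertext. The class and method names, the throwaway key and the sample message are constructed for illustration; a current .NET SDK is assumed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class RsaPaddingExample   // hypothetical name, for illustration only
{
    // Weak: PKCS#1 v1.5 encryption padding, the choice this page warns about.
    // The legacy equivalent is RSACryptoServiceProvider.Encrypt(data, false).
    static byte[] EncryptWeak(RSA publicKey, byte[] plaintext) =>
        publicKey.Encrypt(plaintext, RSAEncryptionPadding.Pkcs1);

    // Corrected: PKCS#1 v2 (OAEP) padding, here with SHA-256 as the hash.
    static byte[] EncryptOaep(RSA publicKey, byte[] plaintext) =>
        publicKey.Encrypt(plaintext, RSAEncryptionPadding.OaepSHA256);

    static void Main()
    {
        using RSA rsa = RSA.Create(2048);   // constructed throwaway key pair
        byte[] message = Encoding.UTF8.GetBytes("constructed sample message");

        byte[] weak = EncryptWeak(rsa, message);
        byte[] strong = EncryptOaep(rsa, message);

        // Round trip: the receiver must name the same padding the sender used.
        byte[] recovered = rsa.Decrypt(strong, RSAEncryptionPadding.OaepSHA256);
        Console.WriteLine("OAEP round trip: " + Encoding.UTF8.GetString(recovered));

        // Padding is not negotiated. Once the receiver decrypts with OAEP only,
        // ciphertexts from senders still on PKCS#1 v1.5 are rejected, so both
        // ends of a channel have to be migrated together.
        try
        {
            rsa.Decrypt(weak, RSAEncryptionPadding.OaepSHA256);
            Console.WriteLine("unexpected: v1.5 ciphertext accepted");
        }
        catch (CryptographicException)
        {
            Console.WriteLine("v1.5 ciphertext rejected by OAEP-only receiver");
        }
    }
}
```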