Use of a broken or risky cryptographic algorithm
Description
CBC mode with PKCS5Padding (PKCS#7 padding) is susceptible to padding oracle attacks. If the application reveals whether a decrypted message had valid or invalid padding, for example through a distinct exception or error message, a different HTTP status code, or a measurable timing difference, an adversary who can submit modified ciphertexts can decrypt the message one byte at a time without ever learning the key. CBC provides no integrity protection, so the application cannot detect the tampered ciphertexts that drive the attack.
Examples
Insecure Code
```kotlin
// Vulnerable: CBC with PKCS#7 padding; a distinguishable padding error becomes the oracle
javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
```
Secure Code
```kotlin
// AEAD mode: the authentication tag is verified before any plaintext is released, so there is no padding to probe
javax.crypto.Cipher.getInstance("AES/GCM/NoPadding");
```
Remediation
Use an authenticated encryption mode such as GCM (in JCE, "AES/GCM/NoPadding" initialised with a GCMParameterSpec) or EAX (available through Bouncy Castle). These modes verify an authentication tag before returning any plaintext, so a tampered ciphertext fails uniformly and there is no padding to probe. GCM requires a unique 12-byte nonce for every encryption under the same key; reusing a nonce breaks both confidentiality and authenticity. Where CBC cannot be replaced immediately, add a MAC over the IV and ciphertext (encrypt-then-MAC), verify it with a constant-time comparison before decrypting, and ensure that error messages, response codes and timing do not distinguish padding failures from any other decryption failure.
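The attack the description refers to, and the reason the GCM replacement closes it, as an added example that is not part of this rule page. It is written in Go using only the standard library (the page's own snippets are JCE/Kotlin, but the mechanism is the same): `paddingOracle` stands in for a server that answers only whether padding was valid, `recoverViaOracle` recovers the full plaintext from that one bit, and `newGCM` shows that an AEAD mode rejects any tampered ciphertext before there is anything to probe. The key, IV, nonce and message are constructed demo values, and every function name is this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
)

// Constructed demo values, fixed for reproducibility; real code draws the IV/nonce from crypto/rand per message.
var (
	demoKey   = []byte("0123456789abcdef0123456789abcdef") // 32 bytes: AES-256
	demoIV    = []byte("fedcba9876543210")                 // 16-byte CBC IV
	demoNonce = []byte("unique-nonce")                     // 12-byte GCM nonce
)

// PKCS#7 padding, which JCE calls PKCS5Padding when used with AES.
func pkcs7Pad(b []byte, bs int) []byte {
	n := bs - len(b)%bs
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, bs int) ([]byte, bool) {
	if len(b) == 0 || len(b)%bs != 0 {
		return nil, false
	}
	n := int(b[len(b)-1])
	if n == 0 || n > bs || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, false
	}
	return b[:len(b)-n], true
}

// encryptCBC is the Go equivalent of Cipher.getInstance("AES/CBC/PKCS5Padding").
func encryptCBC(key, iv, plaintext []byte) []byte {
	block, _ := aes.NewCipher(key)
	padded := pkcs7Pad(plaintext, block.BlockSize())
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out
}

// paddingOracle models a server that never returns plaintext but leaks one bit: was the padding valid?
func paddingOracle(key, iv, ct []byte) bool {
	block, _ := aes.NewCipher(key)
	if len(ct)%block.BlockSize() != 0 {
		return false
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	_, ok := pkcs7Unpad(pt, block.BlockSize())
	return ok
}

// recoverViaOracle decrypts ct without the key: each block is sent alone with a crafted IV, forcing valid
// padding byte by byte reveals D_k(block), and XOR with the genuine previous block (or IV) is the plaintext.
func recoverViaOracle(iv, ct []byte, oracle func(iv, ct []byte) bool) []byte {
	const bs = aes.BlockSize
	prev, out := iv, []byte{}
	for off := 0; off+bs <= len(ct); off += bs {
		target := ct[off : off+bs]
		inter := make([]byte, bs) // D_k(target), recovered right to left
		for i := bs - 1; i >= 0; i-- {
			pad := byte(bs - i)
			crafted := make([]byte, bs)
			for j := i + 1; j < bs; j++ {
				crafted[j] = inter[j] ^ pad // already-known bytes forced to decrypt to pad
			}
			for g := 0; g < 256; g++ {
				crafted[i] = byte(g)
				if !oracle(crafted, target) {
					continue
				}
				if i == bs-1 { // a hit may be an accidental 0x02 0x02 (or longer); perturb the next byte to confirm 0x01
					crafted[i-1] ^= 1
					confirmed := oracle(crafted, target)
					crafted[i-1] ^= 1
					if !confirmed {
						continue
					}
				}
				inter[i] = byte(g) ^ pad
				break
			}
		}
		for k := 0; k < bs; k++ {
			out = append(out, inter[k]^prev[k])
		}
		prev = target
	}
	pt, _ := pkcs7Unpad(out, bs)
	return pt
}

// newGCM is the Go equivalent of Cipher.getInstance("AES/GCM/NoPadding"): the tag covers the whole
// ciphertext, so Open rejects any modification before plaintext (or padding) is ever visible.
func newGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	return g
}
```

Calling encryptCBC and then recoverViaOracle returns the original message after at most 256 oracle queries per byte (plus one confirmation query for the last byte of each block), while flipping a single bit of the GCM output makes Open fail before any plaintext is produced. In JCE the same property comes from AES/GCM/NoPadding with a GCMParameterSpec: doFinal throws AEADBadTagException on any tampered input, and there is no separate padding error for an attacker to distinguish.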
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0303 |
| Category | Crypto |
| Severity | CRITICAL |
| CWE | CWE-327 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | padding oracle, cryptographic algorithm |
| OWASP | A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures |