# Use of a broken or risky cryptographic algorithm

## Description
Cryptographic block ciphers can be configured to pad the final block when the input is not a multiple of the block size. CBC mode used in combination with PKCS5Padding is susceptible to padding oracle attacks: if the system reveals whether the decrypted plaintext had valid or invalid padding (through a distinct error message, status code or timing difference), an adversary can use that distinction to decrypt the message without the key.
## Examples

### Insecure Code

```java
// Flagged: CBC with PKCS5 padding and no authentication of the ciphertext
javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
```

### Secure Code

```java
// AEAD cipher: no padding, and the authentication tag is verified before any plaintext is released
Cipher chaChaCipher = Cipher.getInstance("ChaCha20-Poly1305/None/NoPadding");
```

## Remediation
Consider switching to a more secure cipher that does not require padding and builds message authentication (integrity) directly into the algorithm, so that a tampered ciphertext is rejected as a whole instead of leaking padding validity. Consider using `ChaCha20Poly1305` or `AES-256-GCM` instead.
## Rule Details
| Field | Value |
|---|---|
| ID | CODE-0690 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-327 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | padding oracle attack, cryptographic algorithm |
| OWASP | A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures |