From 41bdd6d4cc1a84264c04f1e8cd324fdab7ebee4a Mon Sep 17 00:00:00 2001
From: Joe Farebrother
Date: Fri, 5 Aug 2022 12:55:28 +0100
Subject: [PATCH 1/8] Add RSA without OEAP query and qhelp
---
 .../java/security/RsaWithoutOaepQuery.qll | 15 +++++++++++
 .../Security/CWE/CWE-780/RsaWithoutOaep.java | 7 +++++
 .../Security/CWE/CWE-780/RsaWithoutOaep.qhelp | 27 +++++++++++++++++++
 .../Security/CWE/CWE-780/RsaWithoutOaep.ql | 17 ++++++++++++
 4 files changed, 66 insertions(+)
 create mode 100644 java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll
 create mode 100644 java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.java
 create mode 100644 java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.qhelp
 create mode 100644 java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql
diff --git a/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll b/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll
new file mode 100644
index 000000000000..357ef5d1b24e
--- /dev/null
+++ b/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll
@@ -0,0 +1,15 @@
+/** Definitions for the RSE without OAEP query */
+
+import java
+import semmle.code.java.dataflow.DataFlow
+
+/** Holds if `ma` is a call to `Cipher.getInstance` which initialises an RSA cipher without using OAEP padding. */
+predicate rsaWithoutOaepCall(MethodAccess ma) {
+ ma.getMethod().hasQualifiedName("javax.crypto", "Cipher", "getInstance") and
+ exists(CompileTimeConstantExpr specExpr, string spec |
+ specExpr.getStringValue() = spec and
+ DataFlow::localExprFlow(specExpr, ma.getArgument(0)) and
+ spec.matches("RSA/%") and
+ not spec.matches("%OAEP%")
+ )
+}
diff --git a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.java b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.java
new file mode 100644
index 000000000000..684b58eca735
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.java
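Review bot: The spec match in `rsaWithoutOaepCall` (RsaWithoutOaepQuery.qll) is narrower than what `Cipher.getInstance` accepts: `spec.matches("RSA/%")` skips a bare `"RSA"` transformation, where mode and padding fall back to provider defaults (typically PKCS#1 v1.5 with the stock JDK provider; confirm per provider), and `matches` is case-sensitive while JCA transformation names are not, so `"rsa/ecb/pkcs1padding"` is missed and a lower-case OAEP spelling would be flagged. Consider normalising before matching, e.g. `spec.toUpperCase().regexpMatch("RSA(/.*)?") and` followed by `not spec.toUpperCase().matches("%OAEP%")`. The same two `matches` lines are carried into the later versions of this file (the `CryptoAlgoSpec` predicate in patch 4/8 and `isSource` in patch 6/8); there a bare-`RSA` match should stay limited to cipher transformations, since `CryptoAlgoSpec` appears to cover more than `Cipher.getInstance`.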
@@ -0,0 +1,7 @@
+// BAD: No padding scheme is used
+Cipher rsa = Cipher.getInstance("RSA/ECB/NoPadding")
+...
+
+//GOOD: OAEP padding is used
+Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding")
+...
\ No newline at end of file
diff --git a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.qhelp b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.qhelp
new file mode 100644
index 000000000000..0b07dfd9caa3
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.qhelp
@@ -0,0 +1,27 @@ + + + + +

Cryptographic algorithms often use padding schemes to make the plaintext less predictable. The OAEP scheme (Optimal Asymmetric Encryption Padding) should used with RSA encryption. + Using no padding or an outdated padding scheme such as PKCS1 can weaken the encryption by making it vulnerable to a padding oracle attack. +

+
+ + +

Use the OAEP scheme when using RSA encryption.

+
+ + +

In the following example, the BAD case shows no padding being used, whereas the GOOD case shows an OAEP scheme being used.

+ +
+ + +
  • + Mobile Security Testing Guide. +
  • +
  • + The Padding Oracle Attack. +
  • +
    +
    diff --git a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql new file mode 100644 index 000000000000..6581e956c939 --- /dev/null +++ b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql @@ -0,0 +1,17 @@ +/** + * @name Use of RSA algorithm without OAEP + * @description Using RSA encryption without OAEP padding can lead to a padding oracle attack, weakening the encryption. + * @kind problem + * @problem.severity warning + * @precision high + * @id java/rsa-without-oaep + * @tags security + * external/cwe/cwe-780 + */ + +import java +import semmle.code.java.security.RsaWithoutOaepQuery + +from MethodAccess ma +where rsaWithoutOaepCall(ma) +select ma, "This instance of RSA does not use OAEP padding." From 9ae652dd6ad5463e7981f1ab95351b5b768a9849 Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Fri, 5 Aug 2022 17:18:43 +0100 Subject: [PATCH 2/8] Add tests --- .../Security/CWE/CWE-780/RsaWithoutOaep.java | 4 ++-- .../CWE-780/RsaWithoutOaepTest.expected | 0 .../security/CWE-780/RsaWithoutOaepTest.java | 9 +++++++++ .../security/CWE-780/RsaWithoutOaepTest.ql | 19 +++++++++++++++++++ 4 files changed, 30 insertions(+), 2 deletions(-) create mode 100644 java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.expected create mode 100644 java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.java create mode 100644 java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql diff --git a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.java b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.java index 684b58eca735..34024a59f6e0 100644 --- a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.java +++ b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.java 
@@ -1,7 +1,7 @@ // BAD: No padding scheme is used -Cipher rsa = Cipher.getInstance("RSA/ECB/NoPadding") +Cipher rsa = Cipher.getInstance("RSA/ECB/NoPadding"); ... //GOOD: OAEP padding is used -Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding") +Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding"); ... \ No newline at end of file diff --git a/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.expected b/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.expected new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.java b/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.java new file mode 100644 index 000000000000..a8fc28c7d1d1 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.java @@ -0,0 +1,9 @@ +import javax.crypto.Cipher; + +class RsaWithoutOaep { + public void test() throws Exception { + Cipher rsaBad = Cipher.getInstance("RSA/ECB/NoPadding"); // $hasResult + + Cipher rsaGood = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding"); + } +} \ No newline at end of file diff --git a/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql b/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql new file mode 100644 index 000000000000..29d6120a9d8d --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql @@ -0,0 +1,19 @@ +import java +import TestUtilities.InlineExpectationsTest +import semmle.code.java.security.RsaWithoutOaepQuery + +class HasResult extends InlineExpectationsTest { + HasResult() { this = "HasResult" } + + override string getARelevantTag() { result = "hasResult" } + + override predicate hasActualResult(Location location, string element, string tag, string value) { + tag = "hasResult" and + value = "" and + exists(MethodAccess ma | + rsaWithoutOaepCall(ma) and + location = ma.getLocation() and + element = ma.toString() + ) + } +} 
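Review bot: The GOOD line in RsaWithoutOaep.java recommends `RSA/ECB/OAEPWithSHA-1AndMGF1Padding`, and help-page samples tend to be copied verbatim into production code. SHA-1 inside OAEP is not the weakness this query targets, but current guidance generally prefers a SHA-2 digest, so consider `Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");` for the sample. A short comment that, depending on the provider, the MGF1 digest may still default to SHA-1 unless an `OAEPParameterSpec` is supplied would help readers who need both digests aligned.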
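Review bot: RsaWithoutOaepTest.java pins only `RSA/ECB/NoPadding` as the flagged case, so the PKCS#1 v1.5 spelling that the help text names as outdated is never exercised, and neither is a spec that reaches `getInstance` through a local variable, which is the case the `localExprFlow` step in the library exists for. Suggest adding `Cipher rsaPkcs1 = Cipher.getInstance("RSA/ECB/PKCS1Padding"); // $hasResult` and a variant such as `String spec = "RSA/ECB/PKCS1Padding"; Cipher viaLocal = Cipher.getInstance(spec); // $hasResult`. Without these, a later change to the string patterns could drop PKCS1 detection without any test failing.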
From 08b77493d203ad42c2c28657d41ba4372ed38442 Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Fri, 5 Aug 2022 17:41:00 +0100 Subject: [PATCH 3/8] Add security severity and change note --- java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql | 1 + java/ql/src/change-notes/2022-08-05-rsa-without-oaep.md | 4 ++++ 2 files changed, 5 insertions(+) create mode 100644 java/ql/src/change-notes/2022-08-05-rsa-without-oaep.md diff --git a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql index 6581e956c939..22602c23482d 100644 --- a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +++ b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql @@ -3,6 +3,7 @@ * @description Using RSA encryption without OAEP padding can lead to a padding oracle attack, weakening the encryption. * @kind problem * @problem.severity warning + * @security-severity 7.5 * @precision high * @id java/rsa-without-oaep * @tags security diff --git a/java/ql/src/change-notes/2022-08-05-rsa-without-oaep.md b/java/ql/src/change-notes/2022-08-05-rsa-without-oaep.md new file mode 100644 index 000000000000..06d71cbf8653 --- /dev/null +++ b/java/ql/src/change-notes/2022-08-05-rsa-without-oaep.md @@ -0,0 +1,4 @@ +--- +category: newQuery +--- +* A new query "Use of RSA algorithm without OAEP" (`java/rsa-without-oaep`) has been added. This query finds uses of RSA encryption that don't use the OAEP scheme. \ No newline at end of file From c77b17574a51d5ca817d3453e93c76a04ae3fb0a Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Fri, 5 Aug 2022 17:53:55 +0100 Subject: [PATCH 4/8] Use CryptoAlgoSpec rather than hadcoding Cipher.getInstance --- .../lib/semmle/code/java/security/RsaWithoutOaepQuery.qll | 8 ++++---- java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql | 7 ++++--- .../query-tests/security/CWE-780/RsaWithoutOaepTest.ql | 8 ++++---- 3 files changed, 12 insertions(+), 11 deletions(-) 
diff --git a/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll b/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll index 357ef5d1b24e..6fb91edcf924 100644 --- a/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll +++ b/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll @@ -1,14 +1,14 @@ /** Definitions for the RSE without OAEP query */ import java +import Encryption import semmle.code.java.dataflow.DataFlow -/** Holds if `ma` is a call to `Cipher.getInstance` which initialises an RSA cipher without using OAEP padding. */ -predicate rsaWithoutOaepCall(MethodAccess ma) { - ma.getMethod().hasQualifiedName("javax.crypto", "Cipher", "getInstance") and +/** Holds if `c` is a call which initialises an RSA cipher without using OAEP padding. */ +predicate rsaWithoutOaepCall(CryptoAlgoSpec c) { exists(CompileTimeConstantExpr specExpr, string spec | specExpr.getStringValue() = spec and - DataFlow::localExprFlow(specExpr, ma.getArgument(0)) and + DataFlow::localExprFlow(specExpr, c.getAlgoSpec()) and spec.matches("RSA/%") and not spec.matches("%OAEP%") ) diff --git a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql index 22602c23482d..89a91c54d937 100644 --- a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +++ b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql @@ -11,8 +11,9 @@ */ import java +import semmle.code.java.security.Encryption import semmle.code.java.security.RsaWithoutOaepQuery -from MethodAccess ma -where rsaWithoutOaepCall(ma) -select ma, "This instance of RSA does not use OAEP padding." +from CryptoAlgoSpec c +where rsaWithoutOaepCall(c) +select c, "This instance of RSA does not use OAEP padding." diff --git a/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql b/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql index 29d6120a9d8d..09dc1e5d194e 100644 --- a/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql 
+++ b/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql @@ -10,10 +10,10 @@ class HasResult extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "hasResult" and value = "" and - exists(MethodAccess ma | - rsaWithoutOaepCall(ma) and - location = ma.getLocation() and - element = ma.toString() + exists(CryptoAlgoSpec c | + rsaWithoutOaepCall(c) and + location = c.getLocation() and + element = c.toString() ) } } From fe5a61bddec0de814a9d8ce17c618e18bd7b00e6 Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Thu, 11 Aug 2022 14:03:31 +0100 Subject: [PATCH 5/8] Fix typos in docs and comments --- java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll | 2 +- java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.qhelp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll b/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll index 6fb91edcf924..2a4c8a708f28 100644 --- a/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll +++ b/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll @@ -1,4 +1,4 @@ -/** Definitions for the RSE without OAEP query */ +/** Definitions for the RSA without OAEP query */ import java import Encryption diff --git a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.qhelp b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.qhelp index 0b07dfd9caa3..227b3797abf0 100644 --- a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.qhelp +++ b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.qhelp @@ -2,7 +2,7 @@ -

    Cryptographic algorithms often use padding schemes to make the plaintext less predictable. The OAEP scheme (Optimal Asymmetric Encryption Padding) should used with RSA encryption. +

    Cryptographic algorithms often use padding schemes to make the plaintext less predictable. The OAEP scheme (Optimal Asymmetric Encryption Padding) should be used with RSA encryption. Using no padding or an outdated padding scheme such as PKCS1 can weaken the encryption by making it vulnerable to a padding oracle attack.

    From de69827711060b03dec94575b89b6635fafd6170 Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Tue, 16 Aug 2022 11:10:20 +0100 Subject: [PATCH 6/8] Use a full dataflow config rather than local flow --- .../java/security/RsaWithoutOaepQuery.qll | 24 ++++++++++++------- .../Security/CWE/CWE-780/RsaWithoutOaep.ql | 11 +++++---- .../security/CWE-780/RsaWithoutOaepTest.java | 10 +++++++- .../security/CWE-780/RsaWithoutOaepTest.ql | 17 ++++--------- 4 files changed, 35 insertions(+), 27 deletions(-) diff --git a/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll b/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll index 2a4c8a708f28..71cbb565e009 100644 --- a/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll +++ b/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll @@ -4,12 +4,20 @@ import java import Encryption import semmle.code.java.dataflow.DataFlow -/** Holds if `c` is a call which initialises an RSA cipher without using OAEP padding. */ -predicate rsaWithoutOaepCall(CryptoAlgoSpec c) { - exists(CompileTimeConstantExpr specExpr, string spec | - specExpr.getStringValue() = spec and - DataFlow::localExprFlow(specExpr, c.getAlgoSpec()) and - spec.matches("RSA/%") and - not spec.matches("%OAEP%") - ) +/** A configuration for finding RSA ciphers initialized without using OAEP padding. */ +class RsaWithoutOaepConfig extends DataFlow::Configuration { + RsaWithoutOaepConfig() { this = "RsaWithoutOaepConfig" } + + override predicate isSource(DataFlow::Node src) { + exists(CompileTimeConstantExpr specExpr, string spec | + specExpr.getStringValue() = spec and + specExpr = src.asExpr() and + spec.matches("RSA/%") and + not spec.matches("%OAEP%") + ) + } + + override predicate isSink(DataFlow::Node sink) { + exists(CryptoAlgoSpec cr | sink.asExpr() = cr.getAlgoSpec()) + } } diff --git a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql index 89a91c54d937..65caac8389ab 100644 
--- a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +++ b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql @@ -1,7 +1,7 @@ /** * @name Use of RSA algorithm without OAEP * @description Using RSA encryption without OAEP padding can lead to a padding oracle attack, weakening the encryption. - * @kind problem + * @kind path-problem * @problem.severity warning * @security-severity 7.5 * @precision high @@ -11,9 +11,10 @@ */ import java -import semmle.code.java.security.Encryption import semmle.code.java.security.RsaWithoutOaepQuery +import DataFlow::PathGraph -from CryptoAlgoSpec c -where rsaWithoutOaepCall(c) -select c, "This instance of RSA does not use OAEP padding." +from RsaWithoutOaepConfig conf, DataFlow::Node source, DataFlow::Node sink +where conf.hasFlow(source, sink) +select source, source, sink, + "This specification is used to initialize an RSA cipher without OAEP padding $@.", sink, "here" diff --git a/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.java b/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.java index a8fc28c7d1d1..b8a1c73110c5 100644 --- a/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.java +++ b/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.java @@ -2,8 +2,16 @@ class RsaWithoutOaep { public void test() throws Exception { - Cipher rsaBad = Cipher.getInstance("RSA/ECB/NoPadding"); // $hasResult + Cipher rsaBad = Cipher.getInstance("RSA/ECB/NoPadding"); // $hasTaintFlow Cipher rsaGood = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding"); } + + public Cipher getCipher(String spec) throws Exception { + return Cipher.getInstance(spec); // $hasTaintFlow + } + + public void test2() throws Exception { + Cipher rsa = getCipher("RSA/ECB/NoPadding"); + } } \ No newline at end of file diff --git a/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql b/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql index 09dc1e5d194e..bf8e8cbae211 100644 
--- a/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql +++ b/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql @@ -1,19 +1,10 @@ import java import TestUtilities.InlineExpectationsTest +import TestUtilities.InlineFlowTest import semmle.code.java.security.RsaWithoutOaepQuery -class HasResult extends InlineExpectationsTest { - HasResult() { this = "HasResult" } +class HasFlowTest extends InlineFlowTest { + override DataFlow::Configuration getTaintFlowConfig() { result instanceof RsaWithoutOaepConfig } - override string getARelevantTag() { result = "hasResult" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { - tag = "hasResult" and - value = "" and - exists(CryptoAlgoSpec c | - rsaWithoutOaepCall(c) and - location = c.getLocation() and - element = c.toString() - ) - } + override DataFlow::Configuration getValueFlowConfig() { none() } } From 5d00b871d4712c6e6d3ec838e994e22a3576994a Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Wed, 17 Aug 2022 11:58:11 +0100 Subject: [PATCH 7/8] Correct node type --- java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql index 65caac8389ab..e841f5543c2d 100644 --- a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +++ b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql @@ -14,7 +14,7 @@ import java import semmle.code.java.security.RsaWithoutOaepQuery import DataFlow::PathGraph -from RsaWithoutOaepConfig conf, DataFlow::Node source, DataFlow::Node sink -where conf.hasFlow(source, sink) +from RsaWithoutOaepConfig conf, DataFlow::PathNode source, DataFlow::PathNode sink +where conf.hasFlowPath(source, sink) select source, source, sink, "This specification is used to initialize an RSA cipher without OAEP padding $@.", sink, "here" 
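Review bot: In RsaWithoutOaepTest.ql (patch 6/8) the configuration is returned from `getTaintFlowConfig()` and the Java test lines are tagged `$hasTaintFlow`, although `RsaWithoutOaepConfig` extends `DataFlow::Configuration` and adds no taint steps in the visible library hunk. A maintainer reading the expectations would assume taint tracking is involved. Consider swapping the overrides, `override DataFlow::Configuration getValueFlowConfig() { result instanceof RsaWithoutOaepConfig }` and `override DataFlow::Configuration getTaintFlowConfig() { none() }`, and tagging the Java lines `$hasValueFlow`. If the current shape is required by `InlineFlowTest`, a one-line comment saying so would be enough.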
From e8f027dab28f188fb4c511572c266411b8d6b9c4 Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Thu, 18 Aug 2022 14:21:40 +0100 Subject: [PATCH 8/8] Apply docs suggestions from code review Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.qhelp | 4 ++-- java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.qhelp b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.qhelp index 227b3797abf0..03b0e0325207 100644 --- a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.qhelp +++ b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.qhelp @@ -2,8 +2,8 @@ -

    Cryptographic algorithms often use padding schemes to make the plaintext less predictable. The OAEP scheme (Optimal Asymmetric Encryption Padding) should be used with RSA encryption. - Using no padding or an outdated padding scheme such as PKCS1 can weaken the encryption by making it vulnerable to a padding oracle attack. +

    Cryptographic algorithms often use padding schemes to make the plaintext less predictable. The OAEP (Optimal Asymmetric Encryption Padding) scheme should be used with RSA encryption. + Using an outdated padding scheme such as PKCS1, or no padding at all, can weaken the encryption by making it vulnerable to a padding oracle attack.

    diff --git a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql index e841f5543c2d..a5c8b954d277 100644 --- a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +++ b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql @@ -1,6 +1,6 @@ /** * @name Use of RSA algorithm without OAEP - * @description Using RSA encryption without OAEP padding can lead to a padding oracle attack, weakening the encryption. + * @description Using RSA encryption without OAEP padding can result in a padding oracle attack, leading to a weaker encryption. * @kind path-problem * @problem.severity warning * @security-severity 7.5