CWE-780 (Use of RSA Algorithm without OAEP) — Vulnerability Class 3

3 vulnerabilities classified as CWE-780 (Use of RSA Algorithm without OAEP). AI Chinese analysis included.

CWE-780 represents a cryptographic weakness where developers implement the RSA algorithm without utilizing Optimal Asymmetric Encryption Padding (OAEP). This omission leaves the encryption vulnerable because raw RSA is deterministic, meaning identical plaintexts always produce identical ciphertexts. Attackers typically exploit this by leveraging the lack of randomness to perform chosen-plaintext attacks or to identify patterns in encrypted data, effectively nullifying the security provided by the key length. Without OAEP, the plaintext remains predictable, allowing adversaries to compromise confidentiality through statistical analysis or known-plaintext techniques.

To avoid this vulnerability, developers must explicitly configure their cryptographic libraries to enforce OAEP padding. This ensures that the encryption process introduces sufficient randomness, making the ciphertext unpredictable and resistant to pattern-based attacks, thereby maintaining the intended security posture of the RSA implementation.

MITRE CWE Description
The product uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption. Padding schemes are often used with cryptographic algorithms to make the plaintext less predictable and complicate attack efforts. The OAEP scheme is often used with RSA to nullify the impact of predictable common text.
Common Consequences (1)
Access Control · Bypass Protection Mechanism
Without OAEP in RSA encryption, it will take less work for an attacker to decrypt the data or to infer patterns from the ciphertext.
Examples (1)
The example below attempts to build an RSA cipher.
    public Cipher getRSACipher() {
        Cipher rsa = null;
        try {
            // No padding: textbook RSA, the weakness this entry describes.
            rsa = javax.crypto.Cipher.getInstance("RSA/NONE/NoPadding");
        } catch (java.security.NoSuchAlgorithmException e) {
            log("this should never happen", e);
        } catch (javax.crypto.NoSuchPaddingException e) {
            log("this should never happen", e);
        }
        return rsa;
    }
Bad · Java
    public Cipher getRSACipher() {
        Cipher rsa = null;
        try {
            // Same cipher request, now with an OAEP padding scheme.
            rsa = javax.crypto.Cipher.getInstance("RSA/ECB/OAEPWithMD5AndMGF1Padding");
        } catch (java.security.NoSuchAlgorithmException e) {
            log("this should never happen", e);
        } catch (javax.crypto.NoSuchPaddingException e) {
            log("this should never happen", e);
        }
        return rsa;
    }
Good · Java

Vulnerabilities classified as CWE-780 (Use of RSA Algorithm without OAEP) represent 3 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.