C Sharp Rsa Secure Mode
Description
Detects potentially insecure RSA encryption in C# code where unsafe padding modes or configuration options are used. Improper RSA padding can make encryption vulnerable to oracle attacks and other cryptographic vulnerabilities.
Detection Strategy
• Identifies variables and objects that use RSA cryptography functionality
• Locates calls to the Encrypt() method on RSA objects
• Examines the encryption parameters and mode settings passed to these calls
• Reports a vulnerability when RSA encryption is used without secure padding modes or with unsafe configuration options
Vulnerable code example
using System;
using System.Security.Cryptography;
class InsecureRSA {
public static void Main() {
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
byte[] data = new byte[32]; // Sample data to encrypt
var result = rsa.Encrypt(data, false); // Vulnerable: using false for padding parameter makes encryption unsafe...✅ Secure code example
using System;
using System.Security.Cryptography;
class SecureRSA {
public static void Main() {
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider()) {
byte[] data = new byte[32]; // Sample data to encrypt
...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.