C Sharp Weak Rsa Encrypt Padding
Description
Detects the use of weak RSA padding (PKCS#1 v1.5) in C# cryptographic operations through RSA.CreateKeyExchange and RSA.DecryptKeyExchange methods. This padding scheme is vulnerable to padding oracle attacks which could lead to decryption of encrypted messages.
Detection Strategy
• Identifies calls to RSA.CreateKeyExchange or RSA.DecryptKeyExchange methods
• Verifies if the RSA operation uses the legacy PKCS#1 v1.5 padding scheme by checking the class context
• Reports a vulnerability when these cryptographic operations are found with the insecure padding configuration
Vulnerable code example
using System.Security.Cryptography;
public class VulnerableRSA
{
public static void EncryptUnsafe()
{
RSA key = RSA.Create();
byte[] data = new byte[16];...✅ Secure code example
using System.Security.Cryptography;
public class SecureRSA
{
public static void EncryptSafe()
{
RSA key = RSA.Create();
byte[] data = new byte[16];...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.