codeql/csharp/ql/src/Security Features/InadequateRSAPadding.qhelp
2018-08-02 17:53:23 +01:00


<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>This query finds uses of RSA encryption without secure padding. Using PKCS#1 v1.5 padding can open up your application to several different attacks resulting in the exposure of the encryption key or the ability to determine plaintext from encrypted messages.</p>
</overview>
<recommendation>
<p>Use the more secure PKCS#1 v2 (OAEP) padding.</p>
</recommendation>
<references>
<li>Wikipedia. <a href="http://en.wikipedia.org/wiki/RSA_(algorithm)#Padding_schemes">RSA. Padding Schemes</a>.</li>
</references>
</qhelp>
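
The recommendation above, shown as an added C# example that is not part of the CodeQL repository: the PKCS#1 v1.5 call beside its OAEP replacement, with a round trip. The class and method names are hypothetical, and the SHA-256 variant assumes a runtime whose `RSA.Create()` implementation supports OAEP with SHA-256 (for example .NET Core).

```csharp
// Added example; names below are hypothetical, not from the query's sources.
using System;
using System.Security.Cryptography;
using System.Text;

static class RsaPaddingExample
{
    // BAD: fOAEP = false selects PKCS#1 v1.5 padding, the pattern the overview describes.
    static byte[] EncryptPkcs1v15(RSACryptoServiceProvider rsa, byte[] data)
    {
        return rsa.Encrypt(data, false);
    }

    // GOOD: fOAEP = true selects OAEP padding on the same API.
    static byte[] EncryptOaep(RSACryptoServiceProvider rsa, byte[] data)
    {
        return rsa.Encrypt(data, true);
    }

    // GOOD: the RSA base class names the padding explicitly, here OAEP with SHA-256.
    static byte[] EncryptOaepSha256(RSA rsa, byte[] data)
    {
        return rsa.Encrypt(data, RSAEncryptionPadding.OaepSHA256);
    }

    static void Main()
    {
        // Constructed sample plaintext, e.g. a short secret wrapped under RSA.
        byte[] message = Encoding.UTF8.GetBytes("constructed sample message");

        using (var csp = new RSACryptoServiceProvider(2048))
        {
            byte[] ciphertext = EncryptOaep(csp, message);
            // The decrypting side must request the same padding mode.
            byte[] plaintext = csp.Decrypt(ciphertext, true);
            Console.WriteLine(Encoding.UTF8.GetString(plaintext));
        }

        using (RSA rsa = RSA.Create())
        {
            rsa.KeySize = 2048;
            byte[] ciphertext = EncryptOaepSha256(rsa, message);
            byte[] plaintext = rsa.Decrypt(ciphertext, RSAEncryptionPadding.OaepSHA256);
            Console.WriteLine(Encoding.UTF8.GetString(plaintext));
        }
    }
}
```

Switching the padding changes the ciphertext format, so the encrypting and decrypting sides have to be updated together.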