このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
ID: java-security/cipher-padding-oracle
Language: Java
Severity: Error
Category: Security
CWE: 326
Description
CBC mode used with PKCS5Padding
is susceptible to padding attacks. Datadog recommends using AES/GCM/NoPadding
.
Learn More
Non-Compliant Code Examples
class MyClass {
public void test1() {
Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
c.init(Cipher.ENCRYPT_MODE, k, iv);
byte[] cipherText = c.doFinal(plainText);
}
public void test2() {
Cipher c = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
c.init(Cipher.ENCRYPT_MODE, k, iv);
byte[] cipherText = c.doFinal(plainText);
}
}
Compliant Code Examples
class MyClass {
public void test() {
Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
c.init(Cipher.ENCRYPT_MODE, k, iv);
byte[] cipherText = c.doFinal(plainText);
}
public void test2() {
Cipher c = javax.crypto.Cipher.getInstance("AES/GCM/NoPadding");
c.init(Cipher.ENCRYPT_MODE, k, iv);
byte[] cipherText = c.doFinal(plainText);
}
}
Seamless integrations. Try Datadog Code Analysis