cwe-780-rsa-without-oaep

star 1

Use this skill when you need to remediate CWE-780 (RSA Without OAEP Padding) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing rsa without oaep padding issues.

DevelopersCoffee By DevelopersCoffee schedule Updated 3/6/2026
play_arrow Run Skill in Manus View GitHub

name: cwe-780-rsa-without-oaep description: Use this skill when you need to remediate CWE-780 (RSA Without OAEP Padding) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing rsa without oaep padding issues. version: 1.0.0 license: MIT tags:

  • security
  • java
  • cwe-780
  • remediation
  • sast

CWE-780 RSA Without OAEP Padding

Description

RSA Without OAEP Padding

Reference: https://cwe.mitre.org/data/definitions/780.html

OWASP Category: A02:2021 – Cryptographic Failures

Vulnerable Pattern

❌ Example 1: Vulnerable Pattern

// VULNERABLE: PKCS1 padding is susceptible to padding oracle attacks
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] encrypted = cipher.doFinal(plaintext);

Why it's vulnerable: This pattern is vulnerable to RSA Without OAEP Padding

Deterministic Fix

✅ Secure Implementation: Secure Implementation

// SECURE: Use OAEP padding
Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] encrypted = cipher.doFinal(plaintext);

// Or with explicit OAEP parameters
OAEPParameterSpec oaepParams = new OAEPParameterSpec(
    "SHA-256",
    "MGF1",
    MGF1ParameterSpec.SHA256,
    PSource.PSpecified.DEFAULT
);
cipher.init(Cipher.ENCRYPT_MODE, publicKey, oaepParams);

Why it's secure: Implements proper protection against RSA Without OAEP Padding

Detection Pattern

Look for these patterns in your codebase:

# Find RSA with weak padding
grep -rn "RSA.*PKCS1\|RSA/ECB/PKCS1" --include="*.java"

Remediation Steps

  1. Replace PKCS1Padding with OAEPWithSHA-256AndMGF1Padding

  2. Use SHA-256 or stronger for OAEP hash

  3. Consider using hybrid encryption (AES + RSA)

Key Imports


import javax.crypto.Cipher;

import javax.crypto.spec.OAEPParameterSpec;

Verification

After remediation:

  • Run SAST scanner to confirm vulnerability is resolved

  • Review all instances of the vulnerable pattern

  • Add unit tests that verify the secure implementation

  • Check for similar patterns in related code

Trigger Examples

Fix CWE-780 vulnerability
Resolve RSA Without OAEP Padding issue
Secure this Java code against rsa without oaep padding
SAST reports CWE-780

Common Vulnerable Locations

Layer Files Patterns

| Controller | *Controller.java | User input handling |

| Service | *Service.java | Business logic |

| Repository | *Repository.java | Data access |

References

Source: Generated by Java CWE Security Skills Generator Last Updated: 2026-03-07

Install via CLI
npx skills add https://github.com/DevelopersCoffee/java-cwe-security-skills --skill cwe-780-rsa-without-oaep
Repository Details
star Stars 1
call_split Forks 0
navigation Branch main
article Path SKILL.md
More from Creator
DevelopersCoffee
DevelopersCoffee Explore all skills →