Without OAEP in RSA encryption, it takes less work for an attacker to decrypt the data or infer patterns from the ciphertext.

Noncompliant Code Example

Cipher rsa = javax.crypto.Cipher.getInstance("RSA/NONE/NoPadding");

Compliant Solution

Cipher rsa = javax.crypto.Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");

See

• MITRE CWE-780 - Use of RSA Algorithm without OAEP
• MITRE CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
• OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure