Weak Encryption: Inadequate RSA Padding

Hello,  

The security testing tool Fortify on Demand has detected vulnerability in Line 404 in FileDownloader.cs:

https://github.com/wyday/wyupdate/blob/master/FileDownloader.cs

SAPKCS1SignatureDeformatter RSADeformatter = new RSAPKCS1SignatureDeformatter(RSA);

The method ValidateDownload() in FileDownloader.cs performs public key RSA encryption without OAEP padding, thereby making the encryption weak.

I was wondering if there is an option to select a different padding for update signing.

Thanks!

Reply
Discard post