In cryptography, a padding oracle attack is an attack that is performed using the padding of a cryptographic message. Variable-length plaintext messages often have to be padded (expanded) to be compatible with the underlying cryptographic primitive. The attack relies on having a "padding oracle" that freely responds to queries about whether a message is correctly padded or not. Padding oracle attacks are mostly associated with CBC mode decryption used with block ciphers. Padding modes for asymmetric algorithms such as OAEP may also be vulnerable to padding oracle attacks.
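The sketch below is an added example, not code from the original page: it shows a CBC receiver whose error response acts as a padding oracle, next to one that authenticates the ciphertext before the padding is ever checked. It assumes PKCS#7 padding and HMAC-SHA256 in an encrypt-then-MAC arrangement; `toy_block` is a stand-in 16-byte permutation so the code runs with the standard library only, and every function name is hypothetical.

```python
import hashlib, hmac, os

BLOCK = 16  # bytes per block of the underlying primitive

def pad(m):  # PKCS#7 (assumed scheme): append n bytes, each of value n
    n = BLOCK - len(m) % BLOCK
    return m + bytes([n]) * n

def unpad(p):
    n = p[-1] if p else 0
    if not 1 <= n <= BLOCK or p[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return p[:-n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block(key, blk, decrypt=False):  # 4-round Feistel stand-in, NOT a real cipher
    f = lambda i, h: hmac.new(key, bytes([i]) + h, hashlib.sha256).digest()[:8]
    l, r = blk[:8], blk[8:]
    for i in (reversed(range(4)) if decrypt else range(4)):
        l, r = (xor(r, f(i, l)), l) if decrypt else (r, xor(l, f(i, r)))
    return l + r

def cbc_encrypt(key, msg):
    out, p = [os.urandom(BLOCK)], pad(msg)  # out[0] is the random IV
    for i in range(0, len(p), BLOCK):
        out.append(toy_block(key, xor(p[i:i + BLOCK], out[-1])))
    return b"".join(out)

def cbc_decrypt(key, ct):
    b = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return b"".join(xor(toy_block(key, c, True), prev) for prev, c in zip(b, b[1:]))

def leaky_receive(key, ct):
    try:
        unpad(cbc_decrypt(key, ct))
        return "ok"
    except ValueError:
        return "bad padding"  # distinguishable answer: this response is the oracle

def seal(ek, mk, msg):  # encrypt-then-MAC: tag covers IV and ciphertext
    ct = cbc_encrypt(ek, msg)
    return ct + hmac.new(mk, ct, hashlib.sha256).digest()

def hardened_receive(ek, mk, blob):  # MAC is verified before any padding check
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.compare_digest(tag, hmac.new(mk, ct, hashlib.sha256).digest())
    return "ok" if good and leaky_receive(ek, ct) == "ok" else "rejected"
```

A ciphertext altered in transit draws a padding-specific answer from `leaky_receive`, whereas `hardened_receive` returns the same "rejected" for any alteration because the tag check fails first.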