Use of a broken or risky cryptographic algorithm
Description
AES in ECB (Electronic Codebook) mode encrypts each 16-byte block independently with the same key and no IV, so it is deterministic: identical plaintext blocks always produce identical ciphertext blocks, and encrypting the same message twice yields the same ciphertext. An attacker who sees the ciphertext can therefore detect repeated or structured content (the classic "ECB penguin"), and can cut, reorder or replay blocks without knowing the key. ECB is unsuitable for encrypting anything longer than a single random block, not only large or repetitive data.
Examples
Insecure Code
```javascript
const crypto = require('crypto');
const key = crypto.randomBytes(32); // AES-256 needs a 32-byte key
const cipher = crypto.createCipheriv('aes-256-ecb', key, null); // ECB takes no IV: identical plaintext blocks encrypt identically
```
Secure Code
```javascript
const crypto = require('crypto');
const key = crypto.randomBytes(32); // AES-256 needs a 32-byte key
const iv = crypto.randomBytes(16); // fresh, unpredictable 16-byte IV for every message; store or send it with the ciphertext
const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
```
Remediation
Do not use ECB. Prefer an authenticated mode such as AES-GCM, which takes a unique nonce per message and produces an authentication tag, so both pattern leakage and ciphertext tampering are addressed. If CBC must be used, generate a fresh random IV for every message (never a constant or reused IV, which reintroduces determinism for the first block) and protect the ciphertext with a MAC, because CBC alone does not detect modification.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0350 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-327 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | encryption, crypto |
| OWASP | A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures |