Inadequate Encryption Strength
Description
An authentication cipher mode which provides better confidentiality of the encrypted data should be used instead of Electronic Code Book (ECB) mode, which does not provide good confidentiality. Specifically, ECB mode produces the same output for the same input each time. This allows an attacker to intercept and replay the data.
Examples
Insecure Code
scala
val cipher = Cipher.getInstance("AES/ECB/NoPadding")Secure Code
scala
val cipher = Cipher.getInstance("AES/CBC/NoPadding")Remediation
Use a more secure cipher mode like CBC, CFB, or GCM instead of ECB mode.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0020 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-326 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | insecure-cipher-mode, ecb-mode |
| OWASP | N/A |