Missing Support for Integrity Check
Description
The ciphertext produced is susceptible to alteration by an adversary. This means that the cipher provides no way to detect that the data has been tampered with. If the ciphertext can be controlled by an attacker, it could be altered without detection.
Examples
Insecure Code
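```scala
// CBC encrypts but does not authenticate: a modified ciphertext is not detected on decryption.
javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
```
Secure Code
```scala
// GCM is an authenticated mode: decryption verifies a tag and fails if the data was changed.
javax.crypto.Cipher.getInstance("AES/GCM/NoPadding");
```
Remediation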
Use a cipher mode that provides integrity checking, such as GCM or CCM.
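The difference between the two transformations above can be seen by decrypting a modified message under each. This is an added example, not code from the rule's authors. The object and helper names, the `iv || ciphertext` message layout and the sample record are assumptions made for illustration.

```scala
import java.security.SecureRandom
import javax.crypto.{AEADBadTagException, Cipher, KeyGenerator, SecretKey}
import javax.crypto.spec.{GCMParameterSpec, IvParameterSpec}
import scala.util.Try

object IntegrityCheckDemo { // hypothetical name, not part of the rule
  private val rng = new SecureRandom()
  private def randomBytes(n: Int): Array[Byte] = { val b = new Array[Byte](n); rng.nextBytes(b); b }

  // Insecure pattern from this rule: output is iv || ciphertext, with no authentication.
  def encryptCbc(key: SecretKey, plain: Array[Byte]): Array[Byte] = {
    val iv = randomBytes(16)
    val c = Cipher.getInstance("AES/CBC/PKCS5Padding")
    c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv))
    iv ++ c.doFinal(plain)
  }
  def decryptCbc(key: SecretKey, blob: Array[Byte]): Array[Byte] = {
    val (iv, ct) = blob.splitAt(16)
    val c = Cipher.getInstance("AES/CBC/PKCS5Padding")
    c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv))
    c.doFinal(ct)
  }

  // Secure pattern: output is nonce || ciphertext || 128-bit authentication tag.
  def encryptGcm(key: SecretKey, plain: Array[Byte]): Array[Byte] = {
    val nonce = randomBytes(12) // must be unique per message under the same key
    val c = Cipher.getInstance("AES/GCM/NoPadding")
    c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce))
    nonce ++ c.doFinal(plain)
  }
  def decryptGcm(key: SecretKey, blob: Array[Byte]): Array[Byte] = {
    val (nonce, ct) = blob.splitAt(12)
    val c = Cipher.getInstance("AES/GCM/NoPadding")
    c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, nonce))
    c.doFinal(ct) // throws AEADBadTagException when the tag does not verify
  }

  def main(args: Array[String]): Unit = {
    val kg = KeyGenerator.getInstance("AES"); kg.init(128)
    val key = kg.generateKey()
    val msg = "constructed sample record, 40 bytes long".getBytes("UTF-8")
    // Simulated in-transit change: one bit at offset 16, inside the ciphertext body of both layouts.
    def modified(blob: Array[Byte]): Array[Byte] = blob.updated(16, (blob(16) ^ 1).toByte)
    val cbc = Try(decryptCbc(key, modified(encryptCbc(key, msg))))
    println(s"CBC: decrypt succeeded=${cbc.isSuccess}, plaintext intact=${cbc.toOption.exists(_.sameElements(msg))}")
    val gcm = Try(decryptGcm(key, modified(encryptGcm(key, msg))))
    println(s"GCM: rejected=${gcm.failed.toOption.exists(_.isInstanceOf[AEADBadTagException])}")
  }
}
```

With CBC the decryption call returns altered plaintext without raising an error, while GCM fails with `AEADBadTagException`; callers should treat that exception as a hard failure and discard the message.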
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0021 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-353 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | cryptography, integrity |
| OWASP | N/A |