gitlab.find_sec_bugs.ECB_MODE-1
An authenticated cipher mode such as AES/GCM should be used instead of Electronic Code Book (ECB) mode, which does not provide good confidentiality. ECB encrypts each 16-byte block independently under the same key, so identical plaintext blocks always produce identical ciphertext blocks: an observer can spot repeated content and structure across messages, and, because nothing chains or authenticates the blocks, can cut, reorder or replay individual ciphertext blocks without detection. Note that the rule only matches transformation strings that name ECB explicitly, such as "AES/ECB/PKCS5Padding"; Cipher.getInstance("AES") with no mode given also resolves to AES/ECB/PKCS5Padding on the default SunJCE provider and is not caught by this pattern.
Definition
rules:
  - id: find_sec_bugs.ECB_MODE-1
    patterns:
      - pattern-inside: javax.crypto.Cipher.getInstance("...")
      - pattern-regex: (AES|DES(ede)?)(/ECB/*)
    message: >
      An authenticated cipher mode which provides better confidentiality of the
      encrypted data should be used instead of Electronic Code Book (ECB) mode,
      which does not provide good confidentiality. Specifically, ECB mode
      produces the same output for the same input each time. This allows an
      attacker to intercept and replay the data.
    languages:
      - java
    severity: ERROR
    metadata:
      category: security
      cwe: "CWE-326: Inadequate Encryption Strength"
      technology:
        - java
      primary_identifier: find_sec_bugs.ECB_MODE-1
      secondary_identifiers:
        - name: Find Security Bugs-ECB_MODE
          type: find_sec_bugs_type
          value: ECB_MODE
      license: MIT
Short Link: https://sg.run/xPDP