gitlab.security_code_scan.SCS0013-1
unknown
Download Count*
License
The cipher text produced is susceptible to alteration by an adversary. The cipher provides no way to detect that the data has been tampered with. If the cipher text can be controlled by an attacker, it could be altered without detection. The use of AES in CBC mode with a HMAC is recommended guaranteeing integrity and confidentiality.
Run Locally
Run in CI
Defintion
rules:
- id: security_code_scan.SCS0013-1
patterns:
- pattern-inside: |
using System.Security.Cryptography;
...
- metavariable-regex:
metavariable: $CIPHER
regex: ^(ECB|CBC|OFB|CFB|CTS)$
- pattern: CipherMode.$CIPHER
message: >
The cipher text produced is susceptible to alteration by an adversary. The
cipher provides no
way to detect that the data has been tampered with. If the cipher text can be controlled by an
attacker, it could be altered without detection. The use of AES in CBC mode with a HMAC is
recommended guaranteeing integrity and confidentiality.
languages:
- csharp
severity: WARNING
metadata:
category: security
cwe: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
license: MIT
Short Link: https://sg.run/5gZ0