mobsf.mobsfscan.aes_ecb.aes_ecb_mode

The app uses ECB mode in a cryptographic encryption algorithm. ECB mode is known to be weak because it produces the same ciphertext for identical blocks of plaintext.
Definition
rules:
  - id: aes_ecb_mode
    patterns:
      - pattern-either:
          - pattern: |
              Cipher.getInstance("=~/AES\/ECB.*/i")
    message: The App uses ECB mode in Cryptographic encryption algorithm. ECB mode
      is known to be weak as it results in the same ciphertext for identical
      blocks of plaintext.
    severity: ERROR
    languages:
      - java
    metadata:
      cwe: cwe-327
      owasp-mobile: m5
      masvs: crypto-2
      reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
      license: LGPL-3.0-or-later
Short Link: https://sg.run/y6eR