mobsf.mobsfscan.aes_ecb.aes_ecb_mode_default

MobSF

Author

505

Download Count*

License

Calling Cipher.getInstance("AES") will return AES ECB mode by default. ECB mode is known to be weak as it results in the same ciphertext for identical blocks of plaintext.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: aes_ecb_mode_default
    patterns:
      - pattern-either:
          - pattern: |
              Cipher.getInstance("AES")
    message: Calling Cipher.getInstance("AES") will return AES ECB mode by default.
      ECB mode is known to be weak as it results in the same ciphertext for
      identical blocks of plaintext.
    severity: ERROR
    languages:
      - java
    metadata:
      cwe: cwe-327
      owasp-mobile: m5
      masvs: crypto-2
      reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
      license: LGPL-3.0-or-later

Short Link: https://sg.run/rkxR