Encryption using ECB¶
ID: cs/ecb-encryptionKind: problemSecurity severity: 7.5Severity: warningPrecision: highTags: - security - external/cwe/cwe-327Query suites: - csharp-code-scanning.qls - csharp-security-extended.qls - csharp-security-and-quality.qls
Click to see the query in the CodeQL repository
ECB should not be used as a mode for encryption. It has dangerous weaknesses. Data is encrypted the same way every time meaning the same plaintext input will always produce the same ciphertext. This makes encrypted messages vulnerable to replay attacks.
Recommendation¶
Use a different CypherMode.
References¶
Wikipedia, Block cypher modes of operation,Electronic codebook (ECB).
Common Weakness Enumeration:CWE-327.