ECB cipher mode detected

Description

ECB (electronic codebook) mode encrypts every plaintext block independently under the same key, so identical plaintext blocks always yield identical ciphertext blocks. A ciphertext therefore leaks the structure of the data it protects (repeated records, fixed headers, the outline of an encrypted image), and ECB provides no integrity: blocks can be reordered, duplicated or removed without detection. It is insecure and not recommended for use in cryptographic protocols. Instead, prefer an authenticated encryption (AEAD) algorithm that has built-in message integrity and does not leave a block-cipher mode for the caller to choose, such as ChaCha20-Poly1305 or, for older applications that do not support it, AES-256-GCM.

Remediations

✅ Choose ChaCha20-Poly1305 or AES-256-GCM for encryption, both of which offer built-in message integrity. Use a fresh, unique nonce for every message encrypted under a given key: nonce reuse breaks the confidentiality and integrity guarantees of both algorithms. Spell out the full transformation string, because with the SunJCE provider the bare transformation "AES" defaults to "AES/ECB/PKCS5Padding", which is ECB.

  import javax.crypto.Cipher;
  Cipher chaChaCipher = Cipher.getInstance("ChaCha20-Poly1305/None/NoPadding"); // requires JDK 11 or later
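The following is an added, self-contained Java example, not code from Bearer or from the rule itself, that places the flagged ECB usage beside the recommended AEAD alternatives. It shows three things the remediation text states: that ECB turns two identical plaintext blocks into two identical ciphertext blocks, that AES-256-GCM and ChaCha20-Poly1305 encrypt the same message to different ciphertexts under a fresh nonce, and that a single flipped bit in an AEAD ciphertext is rejected with an AEADBadTagException. The class name, the nonce || ciphertext || tag framing, and the sample message and AAD are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;

// Hypothetical class written for this example; not part of Bearer or of the rule.
public class EcbVersusAead {
    static final String AES_GCM = "AES/GCM/NoPadding";
    static final String CHACHA20_POLY1305 = "ChaCha20-Poly1305/None/NoPadding"; // JDK 11+
    static final int NONCE_BYTES = 12;   // 96-bit nonce for both AEADs
    static final int TAG_BITS = 128;
    static final SecureRandom RNG = new SecureRandom();

    // Vulnerable (what the rule flags). With the SunJCE provider the bare
    // transformation "AES" resolves to "AES/ECB/PKCS5Padding", so it is ECB too.
    static byte[] encryptEcb(SecretKey key, byte[] plaintext) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(plaintext);
    }

    // Hardened: AEAD encryption. A fresh random nonce is drawn per message and
    // prepended to the output (nonce || ciphertext || 16-byte tag). Reusing a
    // nonce under the same key breaks both GCM and ChaCha20-Poly1305.
    static byte[] seal(String transformation, SecretKey key, byte[] plaintext, byte[] aad)
            throws Exception {
        byte[] nonce = new byte[NONCE_BYTES];
        RNG.nextBytes(nonce);
        Cipher c = Cipher.getInstance(transformation);
        c.init(Cipher.ENCRYPT_MODE, key, nonceSpec(transformation, nonce));
        if (aad != null) c.updateAAD(aad);   // authenticated but not encrypted
        byte[] ct = c.doFinal(plaintext);
        byte[] out = new byte[NONCE_BYTES + ct.length];
        System.arraycopy(nonce, 0, out, 0, NONCE_BYTES);
        System.arraycopy(ct, 0, out, NONCE_BYTES, ct.length);
        return out;
    }

    // Throws AEADBadTagException if the nonce, ciphertext, tag or AAD was altered.
    static byte[] open(String transformation, SecretKey key, byte[] blob, byte[] aad)
            throws Exception {
        byte[] nonce = Arrays.copyOfRange(blob, 0, NONCE_BYTES);
        byte[] ct = Arrays.copyOfRange(blob, NONCE_BYTES, blob.length);
        Cipher c = Cipher.getInstance(transformation);
        c.init(Cipher.DECRYPT_MODE, key, nonceSpec(transformation, nonce));
        if (aad != null) c.updateAAD(aad);
        return c.doFinal(ct);
    }

    // GCM takes a GCMParameterSpec (tag length + nonce); ChaCha20-Poly1305 takes
    // the nonce as a plain IvParameterSpec.
    static AlgorithmParameterSpec nonceSpec(String transformation, byte[] nonce) {
        return transformation.startsWith("AES/GCM")
                ? new GCMParameterSpec(TAG_BITS, nonce)
                : new IvParameterSpec(nonce);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: two identical 16-byte blocks, the pattern ECB cannot hide.
        byte[] msg = "ATTACK AT DAWN!!ATTACK AT DAWN!!".getBytes(StandardCharsets.US_ASCII);
        byte[] aad = "msg-id:42".getBytes(StandardCharsets.US_ASCII);

        KeyGenerator aesGen = KeyGenerator.getInstance("AES");
        aesGen.init(256);
        SecretKey aesKey = aesGen.generateKey();

        byte[] ecb = encryptEcb(aesKey, msg);
        boolean leaks = Arrays.equals(Arrays.copyOfRange(ecb, 0, 16), Arrays.copyOfRange(ecb, 16, 32));
        System.out.println("ECB: identical plaintext blocks gave identical ciphertext blocks: " + leaks);

        byte[] gcm1 = seal(AES_GCM, aesKey, msg, aad);
        byte[] gcm2 = seal(AES_GCM, aesKey, msg, aad);
        System.out.println("GCM: same message encrypted twice differs: " + !Arrays.equals(gcm1, gcm2));
        System.out.println("GCM: round trip ok: " + Arrays.equals(open(AES_GCM, aesKey, gcm1, aad), msg));

        gcm1[gcm1.length - 1] ^= 0x01;   // flip one bit of the authentication tag
        try {
            open(AES_GCM, aesKey, gcm1, aad);
            System.out.println("GCM: tampering went undetected (should never happen)");
        } catch (AEADBadTagException e) {
            System.out.println("GCM: tampering detected, decryption refused");
        }

        SecretKey ccKey = KeyGenerator.getInstance("ChaCha20").generateKey();
        byte[] cc = seal(CHACHA20_POLY1305, ccKey, msg, aad);
        System.out.println("ChaCha20-Poly1305: round trip ok: "
                + Arrays.equals(open(CHACHA20_POLY1305, ccKey, cc, aad), msg));
    }
}
```

Compile and run with `javac EcbVersusAead.java && java EcbVersusAead` on JDK 11 or later. The framing that prepends the nonce to the ciphertext is a common convention rather than something the JCE does for you; whatever framing you choose, the receiver must get the exact nonce, and the AAD must be the same bytes on both sides or `doFinal` will reject the message.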

Resources

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=java_lang_weak_encryption_ecb_mode

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=java_lang_weak_encryption_ecb_mode
