ECB cipher mode detected
- Rule ID: java_lang_weak_encryption_ecb_mode
- Languages: java
- Source: weak_encryption_ecb_mode.yml
ECB (electronic codebook) encryption mode is insecure and not recommended for use in cryptographic protocols. Instead, prefer cryptographic algorithms that have built-in message integrity and that do not require a mode of operation to be configured, such as ChaCha20-Poly1305 or, for older applications that do not support this, AES-256-GCM.
✅ Choose ChaCha20-Poly1305 or AES-256-GCM for encryption, both of which offer built-in message integrity.
```java
Cipher chaChaCipher = Cipher.getInstance("ChaCha20-Poly1305/None/NoPadding");
```
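The flagged pattern beside the recommended replacement, as an added example that is not Bearer's or the rule's own code: ECB produces identical ciphertext blocks for identical plaintext blocks, while ChaCha20-Poly1305 with a fresh nonce does not and also rejects modified ciphertext. The class name, helper names and sample plaintext are constructed for illustration; ChaCha20-Poly1305 in the JDK requires Java 11 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class EcbVersusAead {
    // True when the first two 16-byte chunks of the ciphertext are identical.
    static boolean firstTwoBlocksMatch(byte[] ct) {
        return Arrays.equals(Arrays.copyOfRange(ct, 0, 16), Arrays.copyOfRange(ct, 16, 32));
    }

    // Generates a random 256-bit key for the given algorithm name.
    static SecretKey newKey(String algorithm) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance(algorithm);
        kg.init(256);
        return kg.generateKey();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the same 16-byte block repeated twice.
        byte[] plaintext = "ACCOUNT=00001234ACCOUNT=00001234".getBytes(StandardCharsets.US_ASCII);

        // Pattern the rule flags: each block is encrypted independently of the others.
        Cipher ecb = Cipher.getInstance("AES/ECB/PKCS5Padding");
        ecb.init(Cipher.ENCRYPT_MODE, newKey("AES"));
        System.out.println("ECB repeats blocks: " + firstTwoBlocksMatch(ecb.doFinal(plaintext)));

        // Replacement: ChaCha20-Poly1305 with a fresh 12-byte nonce for every message.
        SecretKey key = newKey("ChaCha20");
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher enc = Cipher.getInstance("ChaCha20-Poly1305/None/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(nonce));
        byte[] sealed = enc.doFinal(plaintext); // ciphertext followed by a 16-byte tag
        System.out.println("AEAD repeats blocks: " + firstTwoBlocksMatch(sealed));

        // Built-in integrity: a single flipped bit makes decryption fail.
        sealed[0] ^= 1;
        Cipher dec = Cipher.getInstance("ChaCha20-Poly1305/None/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(nonce));
        try {
            dec.doFinal(sealed);
            System.out.println("tampered ciphertext accepted");
        } catch (AEADBadTagException e) {
            System.out.println("tampered ciphertext rejected");
        }
    }
}
```

The nonce must be stored or transmitted with the ciphertext and must never be reused with the same key.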
OWASP Top 10
To skip this rule during a scan, use the following flag:
```bash
bearer scan /path/to/your-project/ --skip-rule=java_lang_weak_encryption_ecb_mode
```
To run only this rule during a scan, use the following flag:
```bash
bearer scan /path/to/your-project/ --only-rule=java_lang_weak_encryption_ecb_mode
```