Symmetric cryptographic operations that use Electronic Code Book (ECB) mode were identified. ECB mode is considered insecure because identical plaintext blocks encrypt to identical ciphertext blocks, revealing patterns in the data. Use a stronger alternative such as AES-GCM or ChaChaPoly.
Likelihood: HIGH
Confidence: HIGH
CWE:
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures