BerylEnigma

Insecure use of (Insecure cipher mode: ECB) in symmetricEncryption.java

Open A-Amyan opened this issue 5 months ago • 0 comments

We are a German research group investigating the misuse of cryptographic APIs. We found vulnerabilities in symmetricEncryption.java at lines {35, 49}, which can lead to an attack (e.g., Codebook attack (plaintext pattern analysis), Block replay/cut-and-paste attack).

This is our result:

    "explanation": "Direct call to Cipher.getInstance within the encrypt method using the provided cipherInstance parameter.",
    "cryptographicObjectType": "Cipher",
    "codeSnippet": "Cipher cipher = Cipher.getInstance(cipherInstance);",
    "vulnerabilityType": "Insecure",
    "correction": "The transformation string 'AES/ECB/NoPadding' uses ECB mode, which is known to be insecure. Replace it with a secure mode such as CBC or GCM (for example, 'AES/CBC/PKCS5Padding' or 'AES/GCM/NoPadding') and, if needed, change the IV handling accordingly.",

A-Amyan, Jul 09 '25 11:07