Details

    • Type: Vulnerability Detection
    • Status: Closed
    • Resolution: Duplicate
    • Labels:
    • Message:
      Hide
      * Remove this hard-coded IV.
      * Use "SecureRandom" instead of "Random" to create this IV.
      * Generate a new IV for each encryption cycle.
      Show
      * Remove this hard-coded IV. * Use "SecureRandom" instead of "Random" to create this IV. * Generate a new IV for each encryption cycle.
    • Default Severity:
      Critical
    • Impact:
      High
    • Likelihood:
      Low
    • Default Quality Profiles:
      Sonar way
    • Targeted languages:
      C#, C++, Java, Objective-C, PHP, Python, Swift, VB.Net
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      15min
    • Implementation details:
    • CWE:
      CWE-329

      Description

      When CBC (Cypher Block Chaining) is used for encryption, the IV (Initialization Vector) must be random an unpredictable. Otherwise it exposes the encrypted value to crypto-analysis attacks like "Chosen-Plaintext Attacks".

      An IV should be used in one and only one encryption cycle because its purpose is to ensure that a different cyphertext value results each time a given plain text value is encrypted.

      Noncompliant Code Example

      public String cbcEncrypt(String strKey, String plainText) {
      
        String strIV = "7cVgr5cbdCZVw5WY";
        IvParameterSpec ivSpec = new IvParameterSpec(strIV.getBytes("UTF-8"));
        SecretKeySpec skeySpec = new SecretKeySpec(strKey.getBytes("UTF-8"), "AES");
      
        /* Ciphering */
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
        cipher.init(Cipher.ENCRYPT_MODE, skeySpec, ivSpec);  // Noncompliant
        byte[] encryptedBytes = cipher.doFinal(plaintText.getBytes("UTF-8"));
        return DatatypeConverter.printBase64Binary(ivBytes) + ";" + DatatypeConverter.printBase64Binary(encryptedBytes);
      }
      

      Compliant Solution

      private SecureRandom random = new SecureRandom();
      
      public void cbcEncrypt(String strKey, String plainText) {
      
        byte ivBytes[] = new byte[16];
        random.nextBytes(ivBytes);
        IvParameterSpec ivSpec = new IvParameterSpec(ivBytes);
        SecretKeySpec skeySpec = new SecretKeySpec(strKey.getBytes("UTF-8"), "AES");
      
        /* Ciphering */
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
        cipher.init(Cipher.ENCRYPT_MODE, skeySpec, ivSpec); 
        byte[] encryptedBytes = cipher.doFinal(plaintText.getBytes("UTF-8"));
        return DatatypeConverter.printBase64Binary(ivBytes) + ";" + DatatypeConverter.printBase64Binary(encryptedBytes);
      }
      

      See

      • MITRE, CWE-329 - Not Using a Random IV with CBC Mode
      • OWASP Top 10 2017 Category A6 - Security Misconfiguration

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                ann.campbell.2 Ann Campbell
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: