Rules Repository: RSPEC-4432

AES encryption algorithm should be used with secured mode

    Details

    • Message:
      Use Galois/Counter Mode (GCM/NoPadding) instead.
    • Default Severity:
      Critical
    • Impact:
      High
    • Likelihood:
      Low
    • Default Quality Profiles:
      Sonar way
    • Covered Languages:
      C#, Java
    • Irrelevant for Languages:
      ABAP, C, C++, Cobol, CSS, Flex, HTML, JavaScript, Objective-C, PHP, PL/I, PL/SQL, Python, RPG, Swift, T-SQL, TypeScript, VB.Net, VB6, XML
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      2min
    • Analysis Level:
      Abstract Interpretation
    • Analysis Scope:
      Main Sources
    • Common Rule:
      Yes
    • CERT:
      MSC61-J.
    • CWE:
      CWE-327
    • OWASP:
      A6
    • SANS Top 25:
      Porous Defenses
    • FindSecBugs:
      ECB_MODE, PADDING_ORACLE

      Description

      The Advanced Encryption Standard (AES) encryption algorithm can be used with various modes. Some combinations are not secure:

      • Electronic Codebook (ECB) mode: under a given key, any given plaintext block always encrypts to the same ciphertext block, so it does not hide data patterns well. In some senses, it doesn't provide serious message confidentiality, and it is not recommended for use in cryptographic protocols at all.
      • Cipher Block Chaining (CBC) mode with PKCS#5 (or PKCS#7) padding is susceptible to padding oracle attacks.

      In both cases, Galois/Counter Mode (GCM) with no padding should be preferred.

          Issue Links

          1. C#: RSPEC-4560 (Language-Specification, Active, Unassigned)
          2. Java: RSPEC-4585 (Language-Specification, Active, Unassigned)

              People

              • Assignee:
                Unassigned
                Reporter:
                jeanchristophe.collet Jean-Christophe Collet (Inactive)