C Sharp Aes Ecb Mode Used
Description
Detects usage of AES encryption with ECB (Electronic Code Book) mode, which is cryptographically insecure. ECB mode encrypts identical plaintext blocks into identical ciphertext blocks, potentially revealing patterns in the encrypted data and compromising confidentiality.
Detection Strategy
• Look for cryptographic operations that specify or default to ECB mode
• Check configuration parameters and initialization of cryptographic functions for explicit ECB mode usage
• Inspect cryptographic provider configurations where cipher modes are specified
• Flag instances where encryption is performed without explicitly setting a secure mode like CBC, GCM, or CTR
Vulnerable code example
using System.Security.Cryptography;
public class InsecureEncryption {
public void EncryptData() {
Aes cipher = Aes.Create();
cipher.Mode = CipherMode.ECB; // Vulnerable: ECB mode reveals patterns in plaintext
byte[] data = new byte[32];...✅ Secure code example
using System.Security.Cryptography;
public class SecureEncryption {
public void EncryptData() {
using Aes cipher = Aes.Create();
cipher.Mode = CipherMode.CBC; // Secure: CBC mode hides patterns in plaintext
byte[] data = new byte[32];...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.