Python Insecure AES ECB Mode
Description
Detects the use of ECB (Electronic Code Book) mode in AES encryption operations. ECB mode is cryptographically weak because it encrypts identical plaintext blocks into identical ciphertext blocks, revealing patterns in the encrypted data. This makes the encryption vulnerable to analysis and replay attacks.
Detection Strategy
• Identifies calls to the 'AES.new' method from the PyCrypto/PyCryptodome library
• Examines the arguments passed to AES.new to determine the cipher mode
• Reports a vulnerability when AES is initialized with ECB mode or when no mode is specified (as ECB is the default)
• Specifically checks the function call arguments for the MODE_ECB constant or for the absence of the mode parameter
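The detection strategy above, implemented as an added example over Python's standard 'ast' module (illustration code, not Fluid Attacks' own analyzer). It flags an explicit MODE_ECB argument, passed positionally or as the 'mode=' keyword, as well as AES.new calls with no mode at all; the sample source it scans is constructed for the example.

```python
import ast
# Constructed sample input (not from the page): three insecure calls and one safe one
SAMPLE_SOURCE = '''\
from Crypto.Cipher import AES
key = b"0" * 16
c1 = AES.new(key, AES.MODE_ECB)
c2 = AES.new(key)
c3 = AES.new(key, mode=AES.MODE_ECB)
c4 = AES.new(key, AES.MODE_GCM)
'''

def _is_aes_new(call):
    # Matches `AES.new(...)` whether AES is a bare name or an attribute such as Crypto.Cipher.AES
    func = call.func
    if not (isinstance(func, ast.Attribute) and func.attr == "new"):
        return False
    owner = func.value
    return (isinstance(owner, ast.Name) and owner.id == "AES") or \
        (isinstance(owner, ast.Attribute) and owner.attr == "AES")

def _mode_argument(call):
    # The cipher mode is the second positional argument or the `mode=` keyword
    if len(call.args) >= 2:
        return call.args[1]
    for kw in call.keywords:
        if kw.arg == "mode":
            return kw.value
    return None

def _is_ecb(node):
    # Matches `AES.MODE_ECB` as well as a bare `MODE_ECB` name
    return (isinstance(node, ast.Attribute) and node.attr == "MODE_ECB") or \
        (isinstance(node, ast.Name) and node.id == "MODE_ECB")

def find_insecure_aes_ecb(source):
    # Returns sorted (line, reason) pairs for AES.new calls that use ECB explicitly or by default
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and _is_aes_new(node)):
            continue
        # Calls forwarding *args/**kwargs cannot be resolved statically; skip them
        if any(isinstance(a, ast.Starred) for a in node.args) or any(k.arg is None for k in node.keywords):
            continue
        mode = _mode_argument(node)
        if mode is None:
            findings.append((node.lineno, "no mode given, so ECB is used by default"))
        elif _is_ecb(mode):
            findings.append((node.lineno, "explicit AES.MODE_ECB"))
    return sorted(findings)
```

Run against SAMPLE_SOURCE it reports lines 3, 4 and 5; aliased imports (e.g. 'from Crypto.Cipher import AES as A') are outside what this simple matcher resolves.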
Vulnerable code example
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
from Crypto.Util.Padding import pad
data = b"secret data"
key = get_random_bytes(16)
# Vulnerable: Using ECB mode which is cryptographically weak due to lack of randomization
cipher = AES.new(key, AES.MODE_ECB)
# ECB works on whole 16-byte blocks, so the input is padded; identical plaintext blocks produce identical ciphertext blocks
ciphertext = cipher.encrypt(pad(data, AES.block_size))

✅ Secure code example
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
data = b"secret data"
key = get_random_bytes(16)
# Use AES-GCM mode for authenticated encryption with associated data (AEAD)
cipher = AES.new(key, AES.MODE_GCM)
# GCM needs no padding; encrypt_and_digest returns the ciphertext and the authentication tag
# Store cipher.nonce alongside the ciphertext: it is needed to decrypt and must never be reused with the same key
ciphertext, tag = cipher.encrypt_and_digest(data)