Typescript Insecure Cipher Mode
Description
Detects the use of insecure encryption cipher modes in TypeScript code that can leave encrypted data open to attack. ECB (Electronic Code Book) encrypts every block independently with no initialization vector, so identical plaintext blocks produce identical ciphertext blocks and the structure of the data shows through the ciphertext. It should be avoided in favor of an authenticated mode such as AES-GCM or, at minimum, CBC with a fresh, unpredictable initialization vector for every message. Note that CBC on its own provides confidentiality only: without a MAC or an AEAD mode, a modified ciphertext still decrypts without error.
Detection Strategy
• Check for encryption-related function calls and object instantiations in TypeScript code
• Identify cipher mode specifications in cryptographic operations, particularly looking for weak modes like ECB
• Examine crypto configuration objects and parameters passed to encryption functions
• Flag instances where an insecure cipher mode is specified explicitly, or where the mode parameter is omitted and the library's default is insecure
• Report vulnerabilities when cryptographic operations use deprecated or cryptographically weak cipher modes
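The detection strategy above is a source-pattern check. The block below is an added example, not code from the Fluid Attacks rule or its scanner, of the same logic run over a constructed source sample: it flags `mode: CryptoJS.mode.ECB` in crypto-js option objects and `-ecb` algorithm strings passed to Node's `crypto.createCipheriv`/`createDecipheriv`, and reports the line of each hit. The sample lines, rule ids and function names are assumptions made for the example.

```javascript
// Added example: a minimal line-based detector for insecure cipher modes.
// Rule ids and the sample source below are constructed for this demonstration.
const RULES = [
  {
    id: "cryptojs-ecb-mode",
    // crypto-js selects the mode through an options object: { mode: CryptoJS.mode.ECB }
    test: (line) => /mode\s*:\s*CryptoJS\.mode\.ECB\b/.test(line),
  },
  {
    id: "node-ecb-algorithm",
    // Node's crypto encodes the mode in the algorithm name: "aes-128-ecb", "des-ede3-ecb", ...
    test: (line) => {
      const m = /create(?:De)?[Cc]ipher(?:iv)?\(\s*["'`]([\w-]+)["'`]/.exec(line);
      return m !== null && /(?:^|-)ecb$/i.test(m[1]);
    },
  },
];

// Scan source text line by line; return one finding per (line, rule) match.
function findInsecureCipherModes(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, idx) => {
    for (const rule of RULES) {
      if (rule.test(text)) {
        findings.push({ line: idx + 1, rule: rule.id, snippet: text.trim() });
      }
    }
  });
  return findings;
}

// Constructed sample source covering both libraries; lines 2, 4 and 6 are the insecure ones.
const SAMPLE_SOURCE = [
  'const CryptoJS = require("crypto-js");',
  'const a = CryptoJS.AES.encrypt(data, key, { mode: CryptoJS.mode.ECB });',
  'const b = CryptoJS.AES.encrypt(data, key, { iv: iv, mode: CryptoJS.mode.CBC });',
  'const c = crypto.createCipheriv("aes-128-ecb", key, null);',
  'const d = crypto.createCipheriv("aes-256-gcm", key, iv);',
  "const e = crypto.createDecipheriv('des-ede3-ecb', key, null);",
].join("\n");

for (const f of findInsecureCipherModes(SAMPLE_SOURCE)) {
  console.log(`line ${f.line} [${f.rule}]: ${f.snippet}`);
}
```

A regex pass like this is the cheap first cut; it misses aliased imports (`const { mode } = CryptoJS`), algorithm names built from variables, and mode objects stored in a shared config, which is why the rule as described also inspects configuration objects and parameters rather than only literal call sites.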
Vulnerable code example
const CryptoJS = require("crypto-js");
function encryptSensitiveData(data, key) {
  // Vulnerable: Using RC4 (outdated) with ECB mode.
  // RC4 is a broken stream cipher; because it is a stream cipher, CryptoJS ignores
  // the mode option here entirely, and passing the key as a string makes CryptoJS
  // derive the actual key with its single-iteration, MD5-based OpenSSL KDF.
  const rc4Encrypted = CryptoJS.RC4.encrypt(data, key, {
    mode: CryptoJS.mode.ECB
  });
  return rc4Encrypted.toString();
}
✅ Secure code example
const CryptoJS = require("crypto-js");
function encryptSensitiveData(data, key) {
  // Generate cryptographically secure IV and salt
  const iv = CryptoJS.lib.WordArray.random(16);
  const salt = CryptoJS.lib.WordArray.random(16);
  // Derive strong key using PBKDF2 with high iteration count
  const derivedKey = CryptoJS.PBKDF2(key, salt, { keySize: 256 / 32, iterations: 100000, hasher: CryptoJS.algo.SHA256 });
  // AES-CBC with a fresh random IV; the salt and IV are not secret and travel with the ciphertext
  const encrypted = CryptoJS.AES.encrypt(data, derivedKey, { iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 });
  return salt.toString() + ":" + iv.toString() + ":" + encrypted.ciphertext.toString();
}