Encryption using ECB¶
ID: cs/ecb-encryption Kind: problem Severity: warning Precision: high Tags: - security - external/cwe/cwe-327 Query suites: - csharp-code-scanning.qls - csharp-security-extended.qls - csharp-security-and-quality.qls
ECB should not be used as a mode for encryption. It has dangerous weaknesses. Data is encrypted the same way every time meaning the same plaintext input will always produce the same cyphertext. This makes encrypted messages vulnerable to replay attacks.
Use a different CypherMode.