Severity: medium | CWE-327 | OWASP A02:2021

ECB Mode

Using ECB (Electronic Codebook) mode for encryption produces identical ciphertext blocks for identical plaintext blocks, revealing patterns in the encrypted data.

How It Works

ECB mode encrypts each block of plaintext independently using the same key. This means identical plaintext blocks always produce identical ciphertext blocks. An attacker analyzing the ciphertext can detect repeated patterns, determine which blocks are the same, and potentially reconstruct the structure of the original data. The classic demonstration is the ECB penguin — encrypting an image with ECB mode preserves the visual outline because identical color blocks produce identical cipher blocks. In practice, ECB leaks information about encrypted database fields (duplicate values produce duplicate ciphertext), encrypted API tokens (common prefixes are visible), and any structured data where blocks repeat.

Vulnerable Code
const crypto = require('crypto');
// Vulnerable: AES-256-ECB takes no IV (hence the null) and encrypts each 16-byte
// block independently, so equal plaintext blocks give equal ciphertext blocks.
// key must be a 32-byte Buffer.
function encrypt(text, key) {
  const cipher = crypto.createCipheriv('aes-256-ecb', key, null);
  let encrypted = cipher.update(text, 'utf8', 'hex');
  encrypted += cipher.final('hex');
  return encrypted;
}
Secure Code
const crypto = require('crypto');
// Secure: AES-256-GCM with a fresh random IV per call yields a different ciphertext
// every time, and the authentication tag lets the receiver detect tampering.
// key must be a 32-byte Buffer. A 16-byte IV works in Node; 12 bytes (96 bits) is
// the IV length NIST recommends for GCM.
function encrypt(text, key) {
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  let encrypted = cipher.update(text, 'utf8', 'hex');
  encrypted += cipher.final('hex');
  const tag = cipher.getAuthTag().toString('hex');
  // The decrypting side splits on ':' and must call decipher.setAuthTag(tag) before final().
  return iv.toString('hex') + ':' + encrypted + ':' + tag;
}

Real-World Example

Adobe's 2013 breach exposed 153 million user passwords encrypted with 3DES in ECB mode. Because ECB produces identical ciphertext for identical plaintext, researchers could identify the most common passwords by counting duplicate ciphertext values. The password hints (stored in plaintext) made it trivial to confirm guesses.

How to Prevent It

  • Never use ECB mode — always use GCM, CBC with HMAC, or CTR mode
  • Use AES-256-GCM which provides both encryption and authentication
  • Generate a unique random IV for every encryption operation
  • Use well-tested encryption libraries instead of implementing cipher modes manually

Affected Technologies

Node.js, Python, Java, Go, C#

Data Hogo detects this vulnerability automatically.
