The insecure ECB encryption mode is used. This may lead to a loss of confidentiality or integrity of the data due to the man in the middle attack.

The encryption algorithm defines how the block of ciphertext will be obtained from the block of data of fixed size. Encryption mode determines how the encryption algorithm will be applied to the data that is larger than the block size.

The Electronic Codebook (ECB) mode is the simplest encryption mode, in which the original data blocks are encrypted independently. This allows parallel processing of blocks, which increases the speed of encryption and decryption. Nevertheless, the ECB mode is insecure, since the identical data blocks are encrypted into identical ciphertext blocks, which makes cryptanalysis easier. Moreover, the ciphertext blocks are independent from each other, so an attacker can replace some blocks of hijacked ciphertext, which will not be detected by the receiver.

Besides, the encryption in ECB mode keeps statistical features of the original data. An attacker who intercepts the ciphertext can draw some conclusions about the structure of the original data even without decrypting.

Sensitive Data Exposure vulnerabilities take the third place in the “OWASP Top 10 2017” web-application vulnerabilities ranking.

Groovy : Hardcoded initialization vector

DerScanner Severity Score

Do you want to fix Groovy : Hardcoded initialization vector in your application?

See also