CA5358 | Security | Enabled by default: No

Do Not Use Unsafe Cipher Modes

Description

These modes are vulnerable to attacks and may expose sensitive information. For example, encrypting a given plaintext block with ECB always produces the same ciphertext, so an observer can easily tell whether two encrypted messages are identical. Using approved modes avoids these unnecessary risks.

Cause

The code uses one of the following unsafe, unapproved encryption modes:

  • System.Security.Cryptography.CipherMode.ECB
  • System.Security.Cryptography.CipherMode.OFB
  • System.Security.Cryptography.CipherMode.CFB

How to fix violations

  • Use only approved modes (System.Security.Cryptography.CipherMode.CBC, System.Security.Cryptography.CipherMode.CTS).

Example

using System.Security.Cryptography;

class ExampleClass
{
    private static void ExampleMethod()
    {
        // Violation: ECB is one of the unsafe modes this rule reports.
        RijndaelManaged rijn = new RijndaelManaged
        {
            Mode = CipherMode.ECB
        };
    }
}

using System;
using System.Security.Cryptography;

class ExampleClass
{
    private static void ExampleMethod()
    {
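        // Violation: this reference to CipherMode.ECB is reported too,
        // although nothing is encrypted here (see "When to suppress").
        Console.WriteLine(CipherMode.ECB);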
    }
}

using System.Security.Cryptography;

class ExampleClass
{
    private static void ExampleMethod()
    {
        // Fix: CBC is one of the approved modes.
        RijndaelManaged rijn = new RijndaelManaged
        {
            Mode = CipherMode.CBC
        };
    }
}
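
The ECB weakness named in the Description, as an added demonstration that is not part of the original rule documentation: the same constructed message is encrypted twice under ECB and under CBC, and the program reports how many ciphertext blocks repeat and whether the two ciphertexts match. The class name, helper names and sample record are assumptions made for this example, which uses Aes.Create() rather than RijndaelManaged and targets .NET 6 or later.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class CipherModeDemo
{
    // AES-encrypts plaintext under the given mode. The IV is random per call
    // (ECB ignores it); real code must store the IV with the ciphertext.
    public static byte[] Encrypt(byte[] key, CipherMode mode, byte[] plaintext)
    {
        using Aes aes = Aes.Create();
        aes.Key = key;
        aes.Mode = mode;
        aes.Padding = PaddingMode.PKCS7;
        aes.GenerateIV();
        using ICryptoTransform enc = aes.CreateEncryptor();
        return enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
    }

    // Number of 16-byte ciphertext blocks that repeat an earlier block.
    public static int RepeatedBlocks(byte[] ciphertext)
    {
        var blocks = Enumerable.Range(0, ciphertext.Length / 16)
            .Select(i => Convert.ToHexString(ciphertext, i * 16, 16))
            .ToList();
        return blocks.Count - blocks.Distinct().Count();
    }

    static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32); // throwaway demo key
        // Constructed sample: the same 16-byte record four times.
        byte[] msg = Encoding.ASCII.GetBytes(
            string.Concat(Enumerable.Repeat("ACCT=0001;OK....", 4)));

        foreach (CipherMode mode in new[] { CipherMode.ECB, CipherMode.CBC })
        {
            byte[] first = Encrypt(key, mode, msg);
            byte[] second = Encrypt(key, mode, msg);
            Console.WriteLine($"{mode}: repeated blocks = {RepeatedBlocks(first)}, " +
                $"same message encrypts identically = {first.SequenceEqual(second)}");
        }
    }
}
```

Because this demonstration references CipherMode.ECB on purpose, CA5358 reports it when the rule is enabled.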

When to suppress

It's safe to suppress a warning from this rule if:

  • Cryptography experts have reviewed and approved the cipher mode's usage.
  • The referenced System.Security.Cryptography.CipherMode isn't used for a cryptographic operation.