Critiq Docs

security.cryptography

Avoid insecure cipher transformations

Java `Cipher.getInstance` should not request ECB mode or legacy algorithms like DES and RC4.

#Metadata

Rule ID: java.security.insecure-cipher-mode
Severity: high
Confidence: 0.92
Languages: java
Presets: security, strict
Stability: stable
Applies to: block
Tags: cryptography, java, rules-catalog, security

#Why it matters

ECB mode leaks structure across blocks, while DES and RC4 are broken or deprecated and unsuitable for confidentiality.

#Remediation

Use authenticated modes such as `AES/GCM/NoPadding` and modern algorithms; avoid ECB, DES, and RC4.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/java/java.security.insecure-cipher-mode.rule.yaml.