Will It Vibe logoWill It Vibe?
CRYPTO-007High severity-15 points

ECB cipher mode

Part of Security, which counts for 30% of the overall score. When this check fires it deducts 15 points from that category, once per scan, no matter how many places it turns up.

What it detects

ECB encrypts identical plaintext blocks to identical ciphertext, leaking structure. Use an authenticated mode such as GCM.

Why it matters

ECB mode encrypts each block independently, so identical plaintext blocks become identical ciphertext blocks and the structure of the data (the classic outline of an encrypted image) leaks. It also provides no integrity, so ciphertext can be cut and rearranged. This defeats the purpose of encrypting.

How to fix it

Use an authenticated mode: AES-GCM or ChaCha20-Poly1305, with a random IV/nonce per message and the authentication tag verified on decrypt. If you only have a raw block cipher, at minimum use CBC with a random IV plus a separate MAC, but AEAD is strongly preferred. Re-encrypt data currently stored under ECB.

The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing

Does your repo trip this check?

Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.

Scan your repo

Related Security checks