Difference between revisions of "Failure to check integrity check value"


Revision as of 05:36, 24 September 2008

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 09/24/2008

Description

If integrity check values ("checksums") are not validated before a message is parsed and used, the receiver has no way of telling whether the data was corrupted in transit, or altered deliberately, before it acts on it.

Consequences


  • Authentication: Integrity checks that use a secret key (message authentication codes) also authenticate the data origin. Skipping the check lets data from an invalid source be injected, since nothing ties the message to the expected sender.
  • Integrity: Data that is parsed and used may be corrupted.
  • Non-repudiation: Without a checksum check, it is impossible to determine if any changes have been made to the data after it was sent.

Exposure period

  • Implementation: Checksums must be properly checked and validated in the implementation of message receiving.

Platform

  • Languages: All
  • Operating platforms: All

Required resources




Likelihood of exploit


Discussion

Failing to validate checksums before use creates an unnecessary risk that can be removed with very few lines of code. The protocol specification describes the algorithm used to calculate the check value, so it is a simple matter of recomputing it over the received bytes and comparing the result with the value carried in the message; a mismatch means the message must be discarded rather than parsed.

If this small amount of effort is skipped, the consequences may be far greater.

Risk Factors



Examples

Both receivers below hand the datagram to the application without verifying any integrity check value carried in it.

In C/C++:

#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#define MAX_MSG 1024

void receive_loop(void) {
  int sd, n; socklen_t clilen;
  struct sockaddr_in serv, cli; char msg[MAX_MSG];
  sd = socket(AF_INET, SOCK_DGRAM, 0);
  serv.sin_family = AF_INET;
  serv.sin_addr.s_addr = htonl(INADDR_ANY);
  serv.sin_port = htons(1008);
  bind(sd, (struct sockaddr *) &serv, sizeof(serv));
  while (1) {
    memset(msg, 0x0, MAX_MSG);
    clilen = sizeof(cli);
    n = recvfrom(sd, msg, MAX_MSG, 0, (struct sockaddr *) &cli, &clilen);
    /* the original compares the sender address here: if (inet_ntoa(cli.sin_addr)==...) -- condition elided in the source */
    /* msg is parsed and used from here on; no integrity check value is ever verified */
  }
}

In Java:

java.net.DatagramSocket socket = new java.net.DatagramSocket(1008); // port assumed, matching the C example
byte[] data = new byte[1024];
while (true) {
  java.net.DatagramPacket packet = new java.net.DatagramPacket(data, data.length);
  socket.receive(packet);   // packet.getData() is parsed next with no checksum verified
}

Related Attacks

Related Vulnerabilities

Related Controls

  • Implementation: Ensure that the checksums present in messages are properly checked, in accordance with the protocol specification, before the messages are parsed and used. Recompute the value over the received bytes, compare it with the value carried in the message, and discard the message without parsing it if they differ or if the message is too short to carry a check value at all.
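The following is an added example, not code from the original page, illustrating the control above and the Discussion section: a receive path that recomputes the check value over the received bytes and compares it with the trailer before any parsing happens. The frame layout (body bytes followed by a big-endian CRC-32 of the body), the ICV_LEN and MAX_MSG constants, the build_frame/verify_frame/handle_datagram names and the "TEMP=21.5" sample payload are all assumptions made for this illustration; a real protocol's specification dictates its own layout and algorithm.

```c
/* Added example, not code from the original page: verify an integrity check
 * value before a UDP payload is parsed. Frame layout is an assumption made for
 * this illustration: [body bytes][CRC-32 of body, big-endian]. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ICV_LEN 4        /* width of the check value trailer (assumed layout) */
#define MAX_MSG 1024

/* Bitwise CRC-32 (IEEE 802.3, reflected polynomial 0xEDB88320). */
static uint32_t crc32_buf(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Sender side: copy the body into out and append its CRC-32. Returns frame length. */
size_t build_frame(const uint8_t *body, size_t body_len, uint8_t *out)
{
    uint32_t crc = crc32_buf(body, body_len);
    memcpy(out, body, body_len);
    out[body_len + 0] = (uint8_t)(crc >> 24);
    out[body_len + 1] = (uint8_t)(crc >> 16);
    out[body_len + 2] = (uint8_t)(crc >> 8);
    out[body_len + 3] = (uint8_t)(crc);
    return body_len + ICV_LEN;
}

/* Receiver side: validate the trailer before anything else looks at the body.
 * Returns the body length on success, -1 if the frame is too short to carry a
 * check value or the recomputed value differs from the one received. */
long verify_frame(const uint8_t *frame, size_t n)
{
    if (n < ICV_LEN)
        return -1;                           /* truncated: no check value present */
    size_t body_len = n - ICV_LEN;
    uint32_t received = ((uint32_t)frame[body_len] << 24) |
                        ((uint32_t)frame[body_len + 1] << 16) |
                        ((uint32_t)frame[body_len + 2] << 8) |
                        (uint32_t)frame[body_len + 3];
    uint32_t computed = crc32_buf(frame, body_len);
    return (received == computed) ? (long)body_len : -1;
}

/* What the recvfrom() loop should call: the body is copied out for the parser
 * only after verify_frame() accepts the datagram. Returns the body length, or
 * -1 when the datagram must be dropped unparsed. */
long handle_datagram(const uint8_t *msg, size_t n, char *out, size_t out_len)
{
    long body_len = verify_frame(msg, n);
    if (body_len < 0 || (size_t)body_len >= out_len)
        return -1;                           /* corrupted, forged or oversized: drop */
    memcpy(out, msg, (size_t)body_len);
    out[body_len] = '\0';                    /* released to the parser only after the check */
    return body_len;
}

/* Runs the scenario on a constructed message and returns how many of the three
 * expectations held: a good frame is accepted intact, a flipped bit is
 * rejected, and a frame shorter than the trailer itself is rejected. */
int demo(void)
{
    const char *body = "TEMP=21.5";          /* constructed sample payload */
    uint8_t frame[MAX_MSG];
    char parsed[MAX_MSG];
    size_t n = build_frame((const uint8_t *)body, strlen(body), frame);
    int ok = 0;

    ok += handle_datagram(frame, n, parsed, sizeof parsed) == 9
          && strcmp(parsed, body) == 0;      /* untouched frame is accepted intact */

    frame[2] ^= 0x01;                        /* one bit flipped in transit */
    ok += handle_datagram(frame, n, parsed, sizeof parsed) == -1;
    frame[2] ^= 0x01;

    ok += handle_datagram(frame, 3, parsed, sizeof parsed) == -1; /* too short for a trailer */
    return ok;
}

int main(void)
{
    printf("crc32(\"123456789\") = %08x\n",
           (unsigned)crc32_buf((const uint8_t *)"123456789", 9));
    printf("%d of 3 checks behaved as expected\n", demo());
    return 0;
}
```

The length test matters as much as the comparison: a datagram shorter than the trailer would otherwise make the receiver read the "check value" out of bytes that are not there. A CRC like the one above detects accidental corruption only; where the Consequences section's origin authentication is wanted, the trailer must be a keyed MAC computed under a key shared with the legitimate sender, and the same receive, verify, then parse ordering applies unchanged.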

Related Technical Impacts