Description:

The software does not validate, or incorrectly validates, the integrity check values ("checksums") of a message. This may prevent it from detecting whether the data has been modified or corrupted in transmission.

Improper validation of checksums before use results in an unnecessary risk that can easily be mitigated. The protocol specification describes the algorithm used for calculating the checksum. It is then a simple matter of implementing the calculation and verifying that the calculated checksum and the received checksum match. Improper verification of the calculated checksum and the received checksum can lead to far greater consequences.

Relationships:

  ChildOf Weakness 345 (views 1000, 699)
  ChildOf Weakness 754 (view 1000)
  PeerOf Weakness 353 (view 1000)
  ChildOf Category 896 (view 888)

Time of Introduction: Architecture and Design; Implementation

Likelihood of Exploit: Medium

Common Consequences:

  Scope: Integrity, Other
  Impact: Modify application data, Other
  Integrity checks usually use a secret key that helps authenticate the data origin. Skipping integrity checking generally opens up the possibility that new data from an invalid source can be injected.

  Scope: Integrity, Other
  Impact: Other
  Data that is parsed and used may be corrupted.

  Scope: Non-Repudiation, Other
  Impact: Hide activities, Other
  Without a checksum check, it is impossible to determine if any changes have been made to the data after it was sent.

Mitigations:

  Phase: Implementation
  Ensure that the checksums present in messages are properly checked in accordance with the protocol specification before they are parsed and used.

Examples:

  Language: C, C++

    sd = socket(AF_INET, SOCK_DGRAM, 0);
    serv.sin_family = AF_INET;
    serv.sin_addr.s_addr = htonl(INADDR_ANY);
    serv.sin_port = htons(1008);
    bind(sd, (struct sockaddr *) &serv, sizeof(serv));

    while (1) {
        memset(msg, 0x0, MAX_MSG);
        clilen = sizeof(cli);
        /* The datagram is accepted as received: no integrity check
           value is computed or compared before msg is used. */
        if (inet_ntoa(cli.sin_addr)==...)
            n = recvfrom(sd, msg, MAX_MSG, 0, (struct sockaddr *) &cli, &clilen);
    }

  Language: Java

    while (true) {
        // The packet is sent without any integrity check value
        // that the receiver could verify.
        DatagramPacket packet = new DatagramPacket(data, data.length, IPAddress, port);
        socket.send(packet);
    }

Taxonomy Mappings: Failure to check integrity check value

Related Attack Patterns: 463, 75

Content History:

  Submission: CLASP

  Modifications:
    Eric Dalci, Cigital, 2008-07-01: updated Time_of_Introduction
    CWE Content Team, MITRE, 2008-09-08: updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings
    CWE Content Team, MITRE, 2009-03-10: updated Description, Name, Relationships
    CWE Content Team, MITRE, 2009-10-29: updated Description, Other_Notes
    CWE Content Team, MITRE, 2010-12-13: updated Description
    CWE Content Team, MITRE, 2011-06-01: updated Common_Consequences
    CWE Content Team, MITRE, 2012-05-11: updated Related_Attack_Patterns, Relationships

  Previous entry name: Failure to Check Integrity Check Value
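The mitigation described above (check the received checksum against a freshly calculated one before the message is parsed), as an added example that is not part of the original entry. The wire format (2-byte big-endian payload length, 2-byte checksum, payload), the choice of the RFC 1071 Internet checksum, and the names msg_validate and msg_seal are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define HDR_LEN 4u  /* assumed header: 2-byte length + 2-byte checksum */

/* RFC 1071 ones' complement checksum over buf. The checksum field at
 * bytes 2..3 counts as zero, as it did when the sender computed it. */
static uint16_t inet_checksum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i += 2) {
        uint16_t word = (uint16_t)(buf[i] << 8);
        if (i + 1 < len)
            word |= buf[i + 1];          /* odd tail is padded with zero */
        if (i != 2)                      /* skip the checksum field itself */
            sum += word;
    }
    while (sum >> 16)                    /* fold carries back in */
        sum = (sum & 0xFFFFu) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Returns 0 and sets payload/plen only if the datagram is well formed and
 * its checksum matches; returns -1 so the caller drops it otherwise. */
int msg_validate(const uint8_t *buf, size_t n,
                 const uint8_t **payload, size_t *plen)
{
    if (n < HDR_LEN)
        return -1;                       /* too short to hold a header */
    size_t declared = ((size_t)buf[0] << 8) | buf[1];
    if (declared != n - HDR_LEN)
        return -1;                       /* length field disagrees with size */
    uint16_t received = (uint16_t)((buf[2] << 8) | buf[3]);
    if (inet_checksum(buf, n) != received)
        return -1;                       /* corrupted or altered in transit */
    *payload = buf + HDR_LEN;
    *plen = declared;
    return 0;
}

/* Sender side (n >= HDR_LEN), used to build constructed sample messages. */
void msg_seal(uint8_t *buf, size_t n)
{
    uint16_t c = inet_checksum(buf, n);
    buf[2] = (uint8_t)(c >> 8);
    buf[3] = (uint8_t)(c & 0xFF);
}
```

An unkeyed checksum like this one only catches corruption that the sender of the altered data did not also recompute the checksum for; where the data origin must be authenticated, as the consequences above note, the same compare-before-parse step is applied to an integrity value computed with a secret key.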