Improper Validation of Integrity Check Value

This vulnerability occurs when an application fails to properly validate integrity check values such as checksums, hashes, or message authentication values before processing data. As a result, modified, corrupted, or maliciously tampered data may be accepted as legitimate. Attackers may exploit this weakness to inject unauthorized content, bypass integrity protections, or manipulate communications between systems.

Remediation Recommendation

Ensure all integrity check values are validated against independently calculated values before processing or trusting incoming data. Implement checksum or cryptographic integrity verification according to the relevant protocol or specification, and reject any data that fails validation checks.

Metadata

Severity: high
Slug: improper-validation-of-integrity-check-value

CWEs

354: Improper Validation of Integrity Check Value

Available Labs

Open C labs in SecDim Play for this vulnerability.

medium

Firmware Upgrade.c

C Medium Operational Technology (OT) Signature

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.