Missing Support for Integrity Check
This vulnerability occurs when a system uses a communication protocol that lacks built-in integrity verification, such as a checksum or cryptographic hash, to detect if data has been altered or corrupted during transmission.
When a protocol doesn't include integrity checks like checksums, there's no reliable way for the receiving end to know if the data arrived exactly as it was sent. Corruption from network errors, hardware faults, or even malicious tampering can go undetected. This missing layer of validation means corrupted data is passed directly to the application, which must then bear the full responsibility for detecting these errors—if it can at all. The principle of end-to-end integrity argues that verification should happen at the lowest protocol layer where it can be fully implemented. A protocol-level checksum is the most effective guard because it validates an entire message or session, not just individual network packets. While applications should still perform their own input validation, relying solely on that is riskier and less efficient than having the underlying communication channel guarantee data integrity from the start.
Impact: Other
Data that is parsed and used may be corrupted.
Impact: Hide ActivitiesOther
Without a checksum it is impossible to determine if any changes have been made to the data after it was sent.
Code Example:
javaMedium
- 13ASP.NET Misconfiguration: Password in Configuration File
- 14Compiler Removal of Code to Clear Buffers
- 39Path Traversal: 'C:dirname'
- 74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
- 75Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
- 389Error Conditions, Return Values, Status Codes
- 665Improper Initialization
- CLASP
- ISA/IEC 62443
- ISA/IEC 62443
- ISA/IEC 62443
- ISA/IEC 62443
- ISA/IEC 62443
- ISA/IEC 62443