Home > CAPEC List > CAPEC-145: Checksum Spoofing (Version 2.10)  

CAPEC-145: Checksum Spoofing

Checksum Spoofing
Definition in a New Window Definition in a New Window
Attack Pattern ID: 145
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An attacker spoofs a checksum message for the purpose of making a payload appear to have a valid corresponding checksum. Checksums are used to verify message integrity. They consist of some value based on the value of the message they are protecting. Hash codes are a common checksum mechanism. Both the sender and recipient are able to compute the checksum based on the contents of the message. If the message contents change between the sender and recipient, the sender and recipient will compute different checksum values. Since the sender's checksum value is transmitted with the message, the recipient would know that a modification occurred. In checksum spoofing an attacker modifies the message body and then modifies the corresponding checksum so that the recipient's checksum calculation will match the checksum (created by the attacker) in the message. This would prevent the recipient from realizing that a change occurred.

+ Attack Prerequisites
  • The attacker must be able to intercept a message from the sender (keeping the recipient from getting it), modify it, and send the modified message to the recipient.

  • The sender and recipient must use a checksum to protect the integrity of their message and transmit this checksum in a manner where the attacker can intercept and modify it.

  • The checksum value must be computable using information known to the attacker. A cryptographic checksum, which uses a key known only to the sender and recipient, would thwart this attack.

+ Typical Severity


+ Resources Required

The attacker must be able to intercept and modify messages between the sender and recipient.

+ Content History
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
More information is available — Please select a different filter.
Page Last Updated or Reviewed: May 01, 2017