Details
Alert ID 10032-4
Alert Type Passive
Status release
Risk High
CWE 642
WASC 14
Technologies Targeted All
Tags CWE-642
OWASP_2017_A06
OWASP_2021_A04
POLICY_PENTEST
SYSTEMIC
More Info Scan Rule Help

Summary

This website uses ASP.NET’s Viewstate but maybe without any MAC.

Solution

Ensure the MAC is set for all pages on this website.

Other Info

References

Code

org/zaproxy/zap/extension/pscanrules/ViewstateScanRule.java