Viewstate without MAC Signature (Unsure)

Docs > Alerts

Details
Alert Id	10032-4
Alert Type	Passive Scan Rule
Status	release
Risk	High
CWE	642
WASC	14

Summary

*** EXPERIMENTAL *** This website uses ASP.NET's Viewstate but maybe without any MAC.

Solution

Ensure the MAC is set for all pages on this website.

References

http://msdn.microsoft.com/en-us/library/ff649308.aspx

Code

org/zaproxy/zap/extension/pscanrules/ViewstateScanRule.java