Details
Alert Id 10032-4
Alert Type Passive Scan Rule
Status release
Risk High
CWE 642
WASC 14

Summary

*** EXPERIMENTAL *** This website uses ASP.NET's Viewstate but maybe without any MAC.

Solution

Ensure the MAC is set for all pages on this website.

References

Code

org/zaproxy/zap/extension/pscanrules/ViewstateScanRule.java