Details
Alert Id 90001
Alert Type Passive Scan Rule
Status release
Risk
CWE
WASC

Summary

The response at the following URL contains a ViewState value that has no cryptographic protections.

Solution

Secure VIEWSTATE with a MAC specific to your environment

References

Code

org/zaproxy/zap/extension/pscanrules/InsecureJsfViewStatePassiveScanRule.java