Vulnerabilities
1
min read
Viewstate without MAC Signature (Sure)
This website uses ASP.NET's Viewstate but without any MAC.
Summary
This website uses ASP.NET's Viewstate but without any MAC.
Risk
High
Solution
Ensure the MAC is set for all pages on this website.
References
- https://www.zaproxy.org/docs/alerts/10032-5/
- https://msdn.microsoft.com/en-us/library/ff649308.aspx
- https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html
- https://owasp.org/Top10/A04_2021-Insecure_Design/
- https://cwe.mitre.org/data/definitions/642.html
- https://github.com/carlospolop/hacktricks/blob/master/pentesting-web/deserialization/exploiting-__viewstate-parameter.md
Let’s check and protect your website from hackers
Run our expert website security checkup and get your tailored security recommendations to protect your website.
Start today. Don't be sorry tomorrow.
