Viewstate without MAC Signature (Sure)

Docs > Alerts

Details
Alert ID	10032-5
Alert Type	Passive
Status	release
Risk	High
CWE	642
WASC	14
Technologies Targeted	All
Tags	CWE-642 OWASP_2017_A06 OWASP_2021_A04
More Info	Scan Rule Help

Summary

This website uses ASP.NET’s Viewstate but without any MAC.

Solution

Ensure the MAC is set for all pages on this website.

Other Info

References

https://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff649308(v=pandp.10)

Code

org/zaproxy/zap/extension/pscanrules/ViewstateScanRule.java