Microsoft .NET ViewState Detection and Decoding

info Nessus Network Monitor Plugin ID 7005

Synopsis

Microsoft .NET ViewState data has been detected.

Description

Microsoft .NET often stores and passes web session state via a ViewState hidden form field. This field is used by the server to store client or server information which is then used as business logic.

Solution

Examine the decoded string to ensure that confidential data is not being included within the ViewState string. Enable hashing of the ViewState string.

Plugin Details

Severity: Info

ID: 7005

Version: 1.25

Family: Generic

Published: 6/22/2009

Updated: 8/16/2018

Detections

Analytics