Microsoft .NET ViewState Detection and Decoding
Info Nessus Network Monitor Plugin ID 7005
SynopsisMicrosoft .NET ViewState data has been detected.
DescriptionMicrosoft .NET often stores and passes web session state via a ViewState hidden form field. This field is used by the server to store client or server information which is then used as business logic.
SolutionExamine the decoded string to ensure that confidential data is not being included within the ViewState string. Enable hashing of the ViewState string.