Microsoft .NET ViewState Detection and Decoding

Info Nessus Network Monitor Plugin ID 7005


Microsoft .NET ViewState data has been detected.


Microsoft .NET often stores and passes web session state via a ViewState hidden form field. This field is used by the server to store client or server information which is then used as business logic.


Examine the decoded string to ensure that confidential data is not being included within the ViewState string. Enable hashing of the ViewState string.

Plugin Details

Severity: Info

ID: 7005

File Name: 7005.pasl

Version: 1.25

Family: Generic

Published: 2009/06/22

Modified: 2016/09/28

Risk Information

Risk Factor: Info