This article is a part of our Web Security Knowledge Base (back to index)
Why Potential IP Addresses Found in the Viewstate can be dangerous
Viewstate is a Client Side State Management Technique and allows to store user data on the page during the post back. In ASP.NET applications the Viewstate is on by default and it serializes the data in every control on your webpage.
Its disadvantages are that the information it contains can be seen directly in the source output of the page and the contents of Hidden Fields can be manually encrypted or decrypted with some extra coding. If an IP address is found in the Viewstate of your page it can be easily read by the attacker and used to directly access servers and services, which may not be as secure as the entry points. The disclosed IP address can be also used for fingerprinting your services and infrastructure.
How to fix Potential IP Addresses Found in the Viewstate
Ensure the page uses HTTPS.
Check if Viewstate does not contain any sensitive information.
Use ViewState encryption, to hide it from all users.
How does ScanRepeat report Potential IP Addresses Found in the Viewstate
ScanRepeat analyzes the content of the Viewstate of the web page and reports every potential IP address value found in there. ScanRepeat provides information about URLs of possible vulnerability and IP addresses which were found being serialized in the viewstate field.
Would you like to test your application now against this problem? Sign up for our free trialScan Your Web App Now