This article is a part of our Web Security Knowledge Base (back to index)

Why Viewstate without MAC Signature (Unsure) can be dangerous

The Viewstate is a mechanism built into the ASP.NET platform. It persists elements of the user interface and other data across successive requests.

How to fix Viewstate without MAC Signature (Unsure)

Review the contents of the ViewState and check whether it contains any critical items which can be manipulated to attack the application. To prevent any data manipulation, enable MAC signature by setting ‘Page.EnableViewStateMac’ to true on any page where it’s not currently enabled.

How does ScanRepeat report Viewstate without MAC Signature (Unsure)

ScanRepeat detects whether the website uses ASP.NET’s Viewstate and reports every page where the Viewstate may have the MAC signature disabled.

Would you like to test your application now against this problem? Sign up for our free trial

Scan Your Web App Now
Scan your application
for 14 days for free

No credit card is required. No commitment.

Sign Up Free