DerScanner
Home / Vulnerability Database / C-sharp : Asp.net misconfiguration
C#

C-sharp : Asp.net misconfiguration

Classification

OWASP Top 10 2013
A5-Security Misconfiguration
OWASP Top 10 2017
A6-Security Misconfiguration
OWASP Top 10 2021
A5-Security Misconfiguration
HIPAA
§164.312 (c)(1)§164.312 (c)(2)
CWE
CWE-1031

Overview

The view state message authentication check (MAC) is disabled. It can allow an attacker to change the view state.

A message authentication code (MAC) is a short piece of information used to authenticate a message - in other words, to confirm that the message came from the stated sender and has not been changed. The MAC value protects both a message’s data integrity as well as its authenticity. For security purposes, always enable message authentication.

References

  1. Understanding (and testing for) view state MAC in ASP.NET web forms
  2. Message Authentication Code (MAC)
  3. OWASP Top 10 2017-A6-Security Misconfiguration
  4. CWE CATEGORY: OWASP Top Ten 2017 Category A5 - Broken Access Control
CRITICAL

DerScanner Severity Score

Do you want to fix C-sharp : Asp.net misconfiguration in your application?

See also

C#

C-sharp : JWT: None Algorithm

C#

C-sharp : Insecure data transmission: Database

C#

C-sharp : Only one of method Equals() and GetHashCode() defined