What can be done if the _viewstate parameter is not encrypted?

What can be done if the _viewstate parameter is not encrypted ?
July 9th 19 at 13:07
1 answer
July 9th 19 at 13:09
It should not be encrypted, because is used on the client side (potentially insecure environment, where any decoder can be forced to work for themselves).

Or what do you mean by encryption?
I used acunetix, he gave what is a vulnerability on one of the sites that the _viewstate parameter is not encrypted - Dominic_Spinka1 commented on July 9th 19 at 13:12

Find more questions by tags Information security