What can be done if the _viewstate parameter is not encrypted?

Question

What can be done if the _viewstate parameter is not encrypted?

What can be done if the _viewstate parameter is not encrypted ?

Information security

Dominic_Spinka1 asked July 9th 19 at 13:07

More answers about "What can be done if the _viewstate parameter is not encrypted?"

1 answer

Elna.Volkman92 answered on · Answer 1 · 2019-07-09T13:09:55.455Z

Elna.Volkman92 answered on July 9th 19 at 13:09

It should not be encrypted, because is used on the client side (potentially insecure environment, where any decoder can be forced to work for themselves).

Or what do you mean by encryption?

I used acunetix, he gave what is a vulnerability on one of the sites that the _viewstate parameter is not encrypted - Dominic_Spinka1 commented on July 9th 19 at 13:12