/alerttags/cwe-642/ Recent content in CWE-642 on ZAP Hugo en-us /docs/alerts/10094-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10094-2/ <p>The application does not use a Message Authentication Code (MAC) to protect the integrity of the ASP.NET ViewState, which can be tampered with by a malicious client.</p> /docs/alerts/10032-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10032-2/ <p>Email addresses were found being serialized in the viewstate field.</p> /docs/alerts/90001/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90001/ <p>The response at the following URL contains a ViewState value that has no cryptographic protections.</p> /docs/alerts/10032-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10032-3/ <p>This website uses ASP.NET version 1.0 or 1.1.</p> /docs/alerts/10032-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10032-1/ <p>Potential IP addresses were found being serialized in the viewstate field.</p> /docs/alerts/10032-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10032-6/ <p>This website uses ASP.NET&rsquo;s Viewstate and its value is split into several chunks.</p> /docs/alerts/10032-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10032-5/ <p>This website uses ASP.NET&rsquo;s Viewstate but without any MAC.</p> /docs/alerts/10032-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10032-4/ <p>This website uses ASP.NET&rsquo;s Viewstate but maybe without any MAC.</p>