Viewstate without MAC Signature (Sure)

Risk:
High

Type:
Passive

CWE:
642

Summary: This website uses ASP.NET’s Viewstate but without any MAC.

Solution: Ensure the MAC is set for all pages on this website.

References: https://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff649308(v=pandp.10)