Insecure JSF ViewState

Risk:
Medium

Type:
Passive

CWE:
CWE-642

Summary: The response at the following URL contains a ViewState value that has no cryptographic protections.

Solution: Secure VIEWSTATE with a MAC specific to your environment

References: https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt

Free online web security scanner

Don't show website scan report rating on the leaderboard