Insecure JSF ViewState

Risk:
Medium

Type:
Passive

CWE:
642

Summary: The response at the following URL contains a ViewState value that has no cryptographic protections.

Solution: Secure VIEWSTATE with a MAC specific to your environment

References: https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt