News & Articles

Our articles and guides on how to protect your startup from cybercriminals

Read about all the security issues that we find during our automated security reviews, and how to solve them.

Latest Articles

All
ISO 27001
All
SOC 2
All
Vulnerabilities
All
Mitigations

Viewstate without MAC Signature (Sure)

The Viewstate without MAC Signature (Sure) vulnerability occurs when a web page uses Viewstate but does not include a Message Authentication Code (MAC) to protect it. Without a MAC, an attacker can modify the Viewstate value, which could allow them to perform session hijacking, CSRF attacks, or access sensitive information.

Vulnerabilities

Viewstate without MAC Signature (Unsure)

The Viewstate without MAC Signature (Unsure) vulnerability is a security issue that can affect the integrity of a web application's ViewState data. This vulnerability occurs when ViewState data is transmitted without being signed with a Message Authentication Code (MAC) or the MAC key used to sign the ViewState data is known to the attacker.

Vulnerabilities

Old Asp.Net Version in Use

The 'Old Asp.Net Version in Use' vulnerability is a serious security concern that can leave your web application vulnerable to various cyber attacks. This vulnerability occurs when your web application uses an old and outdated version of the ASP.NET framework. Hackers can exploit the security vulnerabilities present in old versions to launch attacks such as SQL injection and cross-site scripting (XSS).

Vulnerabilities

Emails Found in the Viewstate

The 'Emails Found in the Viewstate' vulnerability occurs when sensitive data, such as email addresses, is stored in the viewstate. This vulnerability can be exploited by attackers to gain access to sensitive data.

Vulnerabilities

Potential IP Addresses Found in the Viewstate

The 'Potential IP Addresses Found in the Viewstate' vulnerability occurs when sensitive data, such as IP addresses, are stored in the view state of a web application. If an attacker gains access to this information, it can be used to launch attacks against the system or other targets.

Vulnerabilities

User Controllable HTML Element Attribute (Potential XSS)

The vulnerability you discovered, 'User Controllable HTML Element Attribute (Potential XSS)', indicates that your web application allows user input to be included in HTML element attributes, which could potentially be exploited by an attacker to perform an XSS attack.

Vulnerabilities