Symptoms
Dear,
The following issue has been identified during Security Scan
Unencrypted __VIEWSTATE Parameter in web.config files.
URL: https://ss-jhd-wfsft/Runtime/BlockedBrowser.aspx
https://ss-jhd-wft/ViewFlow/ViewFlow.aspx
Parameter: __VIEWSTATE
Risk(s): It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations
Fix: Modify your Web.Config file to encrypt the VIEWSTATE parameter
Diagnoses
"
K2 does not make use of the __VIEWSTATE parameter and does not store any information in it, thus there is no need to encrypt it.
The reason the client/tool sees the parameter is because the .Net framework adds it automatically
"
Resolution
Customer closed the ticket after the following feedback:
"
K2 does not make use of the __VIEWSTATE parameter and does not store any information in it, thus there is no need to encrypt it.
The reason the client/tool sees the parameter is because the .Net framework adds it automatically
"
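
One way to check what a captured __VIEWSTATE value actually exposes, as an added example that is not K2's or the scanner's code. The function name `inspect_viewstate` and the sample value are constructed for illustration; the check assumes the standard ASP.NET serializer, whose unencrypted output begins with the bytes 0xFF 0x01.

```python
import base64
import re

# Unencrypted ObjectStateFormatter output begins with 0xFF 0x01,
# so the base64 text of such a field starts with "/wE".
PLAINTEXT_MARKER = b"\xff\x01"

# Constructed sample: marker, one short serialized string, then
# 32 filler bytes standing in for a trailing MAC.
SAMPLE = base64.b64encode(
    PLAINTEXT_MARKER + b"\x0f\x0f\x05\x0a1234567890dd" + bytes(range(0x80, 0xA0))
).decode("ascii")


def inspect_viewstate(value, min_len=4):
    """Classify a __VIEWSTATE value and list the readable strings in it."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (ValueError, TypeError):
        return {"format": "not-base64", "size": 0, "strings": []}
    if not raw.startswith(PLAINTEXT_MARKER):
        # Encrypted (or otherwise opaque) state carries no fixed marker.
        return {"format": "opaque", "size": len(raw), "strings": []}
    # Printable ASCII runs are what a reviewer would read in the field.
    # Serializer tokens that happen to be printable can cling to a run.
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    strings = [m.decode("ascii") for m in pattern.findall(raw)]
    return {"format": "plaintext", "size": len(raw), "strings": strings}


if __name__ == "__main__":
    report = inspect_viewstate(SAMPLE)
    print(report["format"], report["size"], "bytes")
    for s in report["strings"]:
        print("  readable:", s)
```

Run it against the value the page under review returns and compare the readable strings with the data classes named in the finding (usernames, passwords, machine names, file locations).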