ASP.NET event validation disabled

Description

This web application is configured with a Page section that has the property enableEventValidation set to false. When configured this way, it will disable ASP.NET's validation of control events and permit an attacker to submit unexpected values.

Remediation

It's recommended to globally set the <strong>Pages</strong> property <strong>enableEventValidation</strong> to <strong>true</strong> and remove individual page directives. <pre> &lt;pages enableEventValidation=&quot;true&quot; /&gt; </pre>

References

Related Vulnerabilities