Good afternoon,
It was reported by the cybersecurity team that there is a vulnerability with the variable __OSVSTATE, does anyone know what is wrong and how to solve it?
I am using outsystems 5
Hi Rodrigo,
Can you share what the vulnerability is?
Regards,
Daniel
Hi ,
They just sent me this :(
Can you check what can be wrong?
Hello.
First, version 5 is no longer supported so it will have vulnerabilities for sure.
If it can help you, take a look at this topic where View State is explained and its size is reduced.
https://www.outsystems.com/forums/discussion/10458/view-state-in-outsystems-applications/
But again, keeping OS updated is the best way to removed vulnerabilities. Version 5 has been unsupported for what, 8 years?
From that image, you have the variable sleep in view state and it can be tampered by the user.
Nuno Reis wrote:
Thanks for the answer Nuno, can I hide the variable so it won't be presented?
I completely agree with making OS updates, but the client uses this version and they don't want to "waste" time updating
I know that type. I also have a client still using Enterprise Manager.
Architecture Dashboard would tell you, but not in version 5.
Can you not allow it to be changed? :) It will depend on the logic you chose, but I think you can create functions with parameters instead of changing screen variables.