__OSVSTATE Large encode string
Question

Good afternoon,

It was reported by the cybersecurity team that there is a vulnerability with the variable __OSVSTATE. Does anyone know what is wrong and how to solve it?

I am using OutSystems 5.


MVP
Rank: #19

Hi Rodrigo,

Can you share what the vulnerability is?

Regards,

Daniel

Hi,

They just sent me this :(

Can you check what can be wrong?


MVP
Rank: #68

Hello.

First, version 5 is no longer supported so it will have vulnerabilities for sure.


If it can help you, take a look at this topic where View State is explained and its size is reduced.

https://www.outsystems.com/forums/discussion/10458/view-state-in-outsystems-applications/


But again, keeping OS updated is the best way to remove vulnerabilities. Version 5 has been unsupported for what, 8 years?

MVP
Rank: #68

From that image, you have the variable sleep in view state and it can be tampered with by the user.


MVP
Rank: #68

I know that type. I also have a client still using Enterprise Manager.

Architecture Dashboard would tell you, but not in version 5.

Can you not allow it to be changed? :) It will depend on the logic you chose, but I think you can create functions with parameters instead of changing screen variables.