How to resolve the Format String Error alert in OWASP ZAP for a web application (ASP.NET C#)?
I have a web application with a log in page.
In the log in page, I've set maxlength for the username input and the password input, which looks like the code below.
@Html.TextBoxFor(m => m.Username, new { @maxlength="30"})
When I run OWASP ZAP, it gives me an alert with the following description.
A Format String error occurs when the submitted data of an input string is evaluated as a command by the application
Potential Format String Error. The script closed the connection on a /%s
But when I remove @maxlength="30", the alert goes away.
I've been trying to find the remediation for this alert, but I've read that Format String vulnerability doesn't really exist in C#: Do format string vulnerabilities exist in C# or Java? .
Is it just a "potential" error and nothing to worry about because it's in C#?
Or.. if this is something that needs to be taken care of, what can be done to resolve this alert from OWASP ZAP? (I'd believe removing @maxlength is not a solution).
