From 23762885fac39a98afa6c0d9e4cbb2be43a5cd4f Mon Sep 17 00:00:00 2001 From: Elie De Brauwer Date: Sat, 23 May 2020 16:16:47 +0200 Subject: [PATCH] PasswordReset_host_header.adoc: Typo fixes --- .../resources/lessonPlans/en/PasswordReset_host_header.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/webgoat-lessons/password-reset/src/main/resources/lessonPlans/en/PasswordReset_host_header.adoc b/webgoat-lessons/password-reset/src/main/resources/lessonPlans/en/PasswordReset_host_header.adoc index 40a94f6b6..74eec08d3 100644 --- a/webgoat-lessons/password-reset/src/main/resources/lessonPlans/en/PasswordReset_host_header.adoc +++ b/webgoat-lessons/password-reset/src/main/resources/lessonPlans/en/PasswordReset_host_header.adoc @@ -6,8 +6,8 @@ When creating a password reset link you need to make sure: - It can only be used once - The link is only valid for a limited amount of time. -Send a link with a random token means an attacker cannot start a simple DOS attack to your website by starting to -block users. The link should not be used more than once which makes it impossible to change the password again. +Sending a link with a random token means an attacker cannot start a simple DOS attack to your website by starting to +block users. The link should not be usable more than once which makes it impossible to change the password again. The time out is necessary to restrict the attack window, having a link opens up a lot of possibilities for the attacker. == Assignment
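Review bot: The first rewritten line still reads "a simple DOS attack to your website by starting to block users", which does not say what the random token actually prevents. Since this commit is a wording pass over the paragraph, consider "a simple DoS attack against your website by locking users out" (DoS for denial of service, and "against" rather than "to"). The second rewritten line needs a comma before "which" and leaves open who is stopped from changing the password; something like "so anyone who obtains the link later cannot use it to change the password again" would make the one-time-use requirement explicit. The unchanged context line that follows, "The time out is necessary to restrict the attack window, having a link opens up a lot of possibilities for the attacker.", is a comma splice and could be split into two sentences, with "timeout" written as one word, in the same commit. The list items above the paragraph are also inconsistent: "It can only be used once" has no trailing period while "The link is only valid for a limited amount of time." does.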