dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PasswordReset_host_header.adoc: Typo fixes

Browse Source
This commit is contained in:
Elie De Brauwer 2020-05-23 16:16:47 +02:00 committed by Nanne Baars
parent 60087e441d
commit 23762885fa
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
webgoat-lessons/password-reset/src/main/resources/lessonPlans/en/PasswordReset_host_header.adoc
View File

@ -6,8 +6,8 @@ When creating a password reset link you need to make sure:
- It can only be used once
- The link is only valid for a limited amount of time.
Send a link with a random token means an attacker cannot start a simple DOS attack to your website by starting to
block users. The link should not be used more than once which makes it impossible to change the password again.
Sending a link with a random token means an attacker cannot start a simple DOS attack to your website by starting to
block users. The link should not be usable more than once which makes it impossible to change the password again.
The time out is necessary to restrict the attack window, having a link opens up a lot of possibilities for the attacker.
== Assignment