diff --git a/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/plugin/SecurePasswordsAssignment.java b/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/plugin/SecurePasswordsAssignment.java index fcd255182..fb1a4ec22 100644 --- a/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/plugin/SecurePasswordsAssignment.java +++ b/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/plugin/SecurePasswordsAssignment.java @@ -1,11 +1,11 @@ package org.owasp.webgoat.plugin; - import com.nulabinc.zxcvbn.Feedback; import com.nulabinc.zxcvbn.Strength; import com.nulabinc.zxcvbn.Zxcvbn; import org.jruby.RubyProcess; import org.owasp.webgoat.assignments.AssignmentEndpoint; +import org.owasp.webgoat.assignments.AssignmentHints; import org.owasp.webgoat.assignments.AssignmentPath; import org.owasp.webgoat.assignments.AttackResult; import org.springframework.web.bind.annotation.RequestMapping; @@ -22,12 +22,12 @@ import java.text.DecimalFormatSymbols; import java.util.Arrays; import java.util.List; import java.util.Locale; -import java.util.ResourceBundle; import java.util.concurrent.TimeUnit; import java.util.regex.Matcher; import java.util.regex.Pattern; @AssignmentPath("SecurePasswords/assignment") +//@AssignmentHints(value = {"xss-mitigation-3-hint1", "xss-mitigation-3-hint2", "xss-mitigation-3-hint3", "xss-mitigation-3-hint4"}) public class SecurePasswordsAssignment extends AssignmentEndpoint { @RequestMapping(method = RequestMethod.POST) @@ -60,6 +60,8 @@ public class SecurePasswordsAssignment extends AssignmentEndpoint { for(String sug: strength.getFeedback().getSuggestions()) output.append("
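Review bot: The commented-out `@AssignmentHints` line added above the class declaration in the second hunk lists `xss-mitigation-3-hint1` through `-hint4`, keys that appear to be copied from a different lesson. Because the annotation is commented out, the `import org.owasp.webgoat.assignments.AssignmentHints;` added in the first hunk is unused. Either drop both lines until this lesson has hint keys of its own, or enable the annotation with keys written for the secure-passwords lesson. If it stays as a marker, a short comment such as `// TODO: add hints for this lesson (keys below are placeholders from another lesson)` would stop someone from un-commenting it and showing learners unrelated hints.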
  • "+sug+"
  • "); output.append("
    "); } + output.append("Score: " + strength.getScore()+ "/5
    "); + output.append("Estimated cracking time in seconds: " + calculateTime((long) strength.getCrackTimeSeconds().getOnlineNoThrottling10perSecond())); if(strength.getScore() >= 4) return trackProgress(success().feedback("securepassword-success").output(output.toString()).build());
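Review bot: The added `"Score: " + strength.getScore()+ "/5"` label does not match zxcvbn's scale, which runs from 0 to 4. The strongest possible password is therefore shown as 4/5, even though the `getScore() >= 4` check just below already treats 4 as the top; `"/4"` would be consistent. The second added line is labelled "in seconds" but passes the value through `calculateTime`, which is defined outside this hunk; if that helper returns a formatted duration, the label should drop "in seconds". The figure shown is the online, unthrottled estimate at 10 guesses per second, so a learner could read it as resistance to offline cracking of a leaked hash and overrate the password. The label should name that scenario, or the output should also show an offline estimate such as `getOfflineSlowHashing1e4perSecond()`. The enclosing method starts and ends outside this hunk.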