dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

verify account assignment hints

Browse Source
This commit is contained in:
Jason White
2017-07-18 17:48:57 -04:00
parent 0cb4faf15f
commit 9b643728f8
2 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
webgoat-lessons/auth-bypass/src/main/resources/i18n/WebGoatLabels.properties
View File

@ -2,4 +2,10 @@ auth-bypass.title=Authentication Bypasses
verify-account.cheated=It appears you may be using source code to cheat.While that's always helpful when hacking. Please try again.
verify-account.failed=Not quite, please try again.
verify-account.success=Congrats, you have successfully verified the account without actually verifying it!
verify-account.success=Congrats, you have successfully verified the account without actually verifying it. You can now change your password!
auth-bypass.hints.verify.1=The attack on this is similar to the story referenced, but not exactly the same.
auth-bypass.hints.verify.2=You do want to tamper the security question parameters, but not delete them
auth-bypass.hints.verify.3=The logic to verify the account does expect 2 security questions to be answered, but there is a flaw in the implementation
auth-bypass.hints.verify.4=Have you tried renaming the secQuestion0 and secQuestion1 parameters?