From b0e3a06b50c069b9035a41b32e8fb54f4af83be4 Mon Sep 17 00:00:00 2001
From: Nanne Baars <nanneb@gmail.com>
Date: Thu, 17 Jan 2019 16:33:55 +0100
Subject: [PATCH] Password reset lesson 5 not working #512

Added comment to not use OWASP ZAP
---
 .../resources/lessonPlans/en/PasswordReset_host_header.adoc     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webgoat-lessons/password-reset/src/main/resources/lessonPlans/en/PasswordReset_host_header.adoc b/webgoat-lessons/password-reset/src/main/resources/lessonPlans/en/PasswordReset_host_header.adoc
index 1daea2dc6..e3601c000 100644
--- a/webgoat-lessons/password-reset/src/main/resources/lessonPlans/en/PasswordReset_host_header.adoc
+++ b/webgoat-lessons/password-reset/src/main/resources/lessonPlans/en/PasswordReset_host_header.adoc
@@ -14,5 +14,5 @@ The time out is necessary to restrict the attack window, having a link opens up
 
 Tom always resets his password immediately after receiving the email with the link.
 Try to reset the password of Tom (tom@webgoat-cloud.org) to your own choice and login as Tom with
-that password.
+that password. Note: it is not possible to use OWASP ZAP for this lesson.