diff --git a/spec/features/broken_auth_spec.rb b/spec/features/broken_auth_spec.rb
new file mode 100644
index 0000000..d1f7e6e
--- /dev/null
+++ b/spec/features/broken_auth_spec.rb
@@ -0,0 +1,25 @@
+require 'spec_helper'
+
+feature 'broken_auth' do
+ before do
+ UserFixture.reset_all_users
+ @normal_user = UserFixture.normal_user
+ end
+
+ scenario 'TMI during login', :js => true do
+ visit '/'
+ within('.signup') do
+ fill_in 'email', :with => @normal_user.email + 'not'
+ fill_in 'password', :with => @normal_user.clear_password
+ end
+ click_on 'Login'
+ find('div#flash_notice').text.should == "#{@normal_user.email}not doesn't exist!"
+
+ within('.signup') do
+ fill_in 'email', :with => @normal_user.email
+ fill_in 'password', :with => @normal_user.clear_password + 'not'
+ end
+ click_on 'Login'
+ find('div#flash_notice').text.should == 'Incorrect Password!'
+ end
+end
\ No newline at end of file
diff --git a/spec/features/xss_spec.rb b/spec/features/xss_spec.rb
index 39735f1..a5bea9f 100644
--- a/spec/features/xss_spec.rb
+++ b/spec/features/xss_spec.rb
@@ -6,7 +6,7 @@ feature 'xss' do
 @normal_user = UserFixture.normal_user
 end
 
- scenario 'injection attack on account_settings', :js => true do
+ scenario 'xss attack on account_settings', :js => true do
 login @normal_user
 visit "/users/#{@normal_user.user_id}/account_settings"
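Review bot: The second assertion in 'TMI during login' can read the stale flash left by the first failed login, because `find('div#flash_notice').text.should ==` does not retry — with `:js => true` the flash element from the previous response may still be in the DOM when `find` runs after the second `click_on 'Login'`, so the comparison sees the "doesn't exist!" text and fails intermittently. Capybara's waiting matcher avoids this: `page.should have_css('div#flash_notice', text: 'Incorrect Password!')` (and the same form for the first check), which polls until the expected text is present. Since this scenario deliberately pins the distinct "doesn't exist" / "Incorrect Password" responses that let a client distinguish registered from unregistered emails, a comment above the scenario such as `# Pins the account-enumeration weakness: login reveals whether the email exists; a fix returning one generic message will intentionally break this expectation` would make the intent explicit to whoever later hardens the login flow. The new file also ends without a trailing newline.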