From 5b6b88a4ba0b28d7e2a394ab50360577e6abc10d Mon Sep 17 00:00:00 2001
From: cktricky <ken.johnson@nvisiumsecurity.com>
Date: Sun, 18 Aug 2013 20:18:33 -0400
Subject: [PATCH] fixed broken auth numbering and also the incorrect accordion
 labels within insecure_compare

---
 .../_insecure_compare.html.erb                 | 18 +++++++++---------
 .../_password_complexity.html.erb              |  2 +-
 .../broken_auth_sess/_user_pass_enum.html.erb  |  2 +-
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/app/views/layouts/tutorial/broken_auth_sess/_insecure_compare.html.erb b/app/views/layouts/tutorial/broken_auth_sess/_insecure_compare.html.erb
index 9fad652..fee6f8b 100644
--- a/app/views/layouts/tutorial/broken_auth_sess/_insecure_compare.html.erb
+++ b/app/views/layouts/tutorial/broken_auth_sess/_insecure_compare.html.erb
@@ -1,20 +1,20 @@
 <div class="widget">
     <div class="widget-header">
       <div class="title">
-        <span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A3 - Broken Authentication and Session Management - Insecure Compare and Timing Attacks
+        <span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A2 - Broken Authentication and Session Management - Insecure Compare and Timing Attacks
       </div>
     </div>
     <div class="widget-body">
       <div id="accordion1" class="accordion no-margin">
         <div class="accordion-group">
           <div class="accordion-heading">
-            <a href="#collapsePwdOne" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
+            <a href="#collapseCompOne" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
               <i class="icon-info icon-white">
               </i>
               Description
             </a>
           </div>
-          <div class="accordion-body in collapse" id="collapsePwdOne" style="height: auto;">
+          <div class="accordion-body in collapse" id="collapseCompOne" style="height: auto;">
             <div class="accordion-inner">
 				<p class="desc">
               A timing attack can exist in several forms. This specific case relates to username (email address) enumeration. By leveraging an automated tool, an attacker can review any subtle variation in response times after submitting a login request to determine if the application is performing a computationally intense function. Meaning, if a function is run once a user is discovered, even if the password is incorrect, this information provides the user with valid or invalid usernames.
@@ -24,13 +24,13 @@
         </div>
         <div class="accordion-group">
           <div class="accordion-heading">
-            <a href="#collapsePwdTwo" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
+            <a href="#collapseCompTwo" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
               <i class="icon-bug icon-white">
               </i>
               Bug
             </a>
           </div>
-          <div class="accordion-body collapse" id="collapsePwdTwo" style="height: 0px;">
+          <div class="accordion-body collapse" id="collapseCompTwo" style="height: 0px;">
             <div class="accordion-inner">
 	          	
             </div>
@@ -38,13 +38,13 @@
         </div>
         <div class="accordion-group">
           <div class="accordion-heading">
-            <a href="#collapsePwdThree" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
+            <a href="#collapseCompThree" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
               <i class="icon-lightning icon-white">
               </i>
               Solution
             </a>
           </div>
-          <div class="accordion-body collapse" id="collapsePwdThree" style="height: 0px;">
+          <div class="accordion-body collapse" id="collapseCompThree" style="height: 0px;">
             <div class="accordion-inner">
              
             </div>
@@ -52,13 +52,13 @@
         </div>
 		<div class="accordion-group">
           <div class="accordion-heading">
-            <a  style="background-color: rgb(181, 121, 158)" href="#collapsePwdFour" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
+            <a  style="background-color: rgb(181, 121, 158)" href="#collapseCompFour" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
               <i class="icon-aid icon-white">
               </i>
               Hint
             </a>
           </div>
-          <div class="accordion-body collapse" id="collapsePwdFour" style="height: 0px;">
+          <div class="accordion-body collapse" id="collapseCompFour" style="height: 0px;">
             <div class="accordion-inner">
 				<p class="desc">
 					Test
diff --git a/app/views/layouts/tutorial/broken_auth_sess/_password_complexity.html.erb b/app/views/layouts/tutorial/broken_auth_sess/_password_complexity.html.erb
index ebb4cbb..507bf0c 100644
--- a/app/views/layouts/tutorial/broken_auth_sess/_password_complexity.html.erb
+++ b/app/views/layouts/tutorial/broken_auth_sess/_password_complexity.html.erb
@@ -1,7 +1,7 @@
 <div class="widget">
     <div class="widget-header">
       <div class="title">
-        <span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A3 - Broken Authentication and Session Management - Lack of Password Complexity
+        <span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A2 - Broken Authentication and Session Management - Lack of Password Complexity
       </div>
     </div>
     <div class="widget-body">
diff --git a/app/views/layouts/tutorial/broken_auth_sess/_user_pass_enum.html.erb b/app/views/layouts/tutorial/broken_auth_sess/_user_pass_enum.html.erb
index 2d7ccf0..1c311c3 100755
--- a/app/views/layouts/tutorial/broken_auth_sess/_user_pass_enum.html.erb
+++ b/app/views/layouts/tutorial/broken_auth_sess/_user_pass_enum.html.erb
@@ -1,7 +1,7 @@
 <div class="widget">
     <div class="widget-header">
       <div class="title">
-        <span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A3 - Broken Authentication and Session Management - Username/Pass Enumeration
+        <span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A2 - Broken Authentication and Session Management - Username/Pass Enumeration
       </div>
     </div>
     <div class="widget-body">