team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixed broken auth numbering and also the incorrect accordion labels within insecure_compare

Browse Source
This commit is contained in:
cktricky
2013-08-18 20:18:33 -04:00
parent bc74edf28d
commit 5b6b88a4ba
3 changed files with 11 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/views/layouts/tutorial/broken_auth_sess/_insecure_compare.html.erb
+9 -9
View File
@@ -1,20 +1,20 @@
<div class="widget">
<div class="widget-header">
<div class="title">
<span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A3 - Broken Authentication and Session Management - Insecure Compare and Timing Attacks
<span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A2 - Broken Authentication and Session Management - Insecure Compare and Timing Attacks
</div>
</div>
<div class="widget-body">
<div id="accordion1" class="accordion no-margin">
<div class="accordion-group">
<div class="accordion-heading">
<a href="#collapsePwdOne" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
<a href="#collapseCompOne" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
<i class="icon-info icon-white">
</i>
Description
</a>
</div>
<div class="accordion-body in collapse" id="collapsePwdOne" style="height: auto;">
<div class="accordion-body in collapse" id="collapseCompOne" style="height: auto;">
<div class="accordion-inner">
<p class="desc">
A timing attack can exist in several forms. This specific case relates to username (email address) enumeration. By leveraging an automated tool, an attacker can review any subtle variation in response times after submitting a login request to determine if the application is performing a computationally intense function. Meaning, if a function is run once a user is discovered, even if the password is incorrect, this information provides the user with valid or invalid usernames.
@@ -24,13 +24,13 @@
</div>
<div class="accordion-group">
<div class="accordion-heading">
<a href="#collapsePwdTwo" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
<a href="#collapseCompTwo" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
<i class="icon-bug icon-white">
</i>
Bug
</a>
</div>
<div class="accordion-body collapse" id="collapsePwdTwo" style="height: 0px;">
<div class="accordion-body collapse" id="collapseCompTwo" style="height: 0px;">
<div class="accordion-inner">
</div>
@@ -38,13 +38,13 @@
</div>
<div class="accordion-group">
<div class="accordion-heading">
<a href="#collapsePwdThree" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
<a href="#collapseCompThree" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
<i class="icon-lightning icon-white">
</i>
Solution
</a>
</div>
<div class="accordion-body collapse" id="collapsePwdThree" style="height: 0px;">
<div class="accordion-body collapse" id="collapseCompThree" style="height: 0px;">
<div class="accordion-inner">
</div>
@@ -52,13 +52,13 @@
</div>
<div class="accordion-group">
<div class="accordion-heading">
<a style="background-color: rgb(181, 121, 158)" href="#collapsePwdFour" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
<a style="background-color: rgb(181, 121, 158)" href="#collapseCompFour" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
<i class="icon-aid icon-white">
</i>
Hint
</a>
</div>
<div class="accordion-body collapse" id="collapsePwdFour" style="height: 0px;">
<div class="accordion-body collapse" id="collapseCompFour" style="height: 0px;">
<div class="accordion-inner">
<p class="desc">
Test
app/views/layouts/tutorial/broken_auth_sess/_password_complexity.html.erb
+1 -1
View File
@@ -1,7 +1,7 @@
<div class="widget">
<div class="widget-header">
<div class="title">
<span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A3 - Broken Authentication and Session Management - Lack of Password Complexity
<span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A2 - Broken Authentication and Session Management - Lack of Password Complexity
</div>
</div>
<div class="widget-body">
app/views/layouts/tutorial/broken_auth_sess/_user_pass_enum.html.erb
+1 -1
View File
@@ -1,7 +1,7 @@
<div class="widget">
<div class="widget-header">
<div class="title">
<span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A3 - Broken Authentication and Session Management - Username/Pass Enumeration
<span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A2 - Broken Authentication and Session Management - Username/Pass Enumeration
</div>
</div>
<div class="widget-body">