team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

lastest work towards the secure_compare tutorial

Browse Source
This commit is contained in:
cktricky
2013-08-18 20:10:36 -04:00
parent 3c7a3fc9e4
commit bc74edf28d
2 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/views/layouts/tutorial/broken_auth_sess/_insecure_compare.html.erb
+5 -3
View File
@@ -16,7 +16,9 @@
</div>
<div class="accordion-body in collapse" id="collapsePwdOne" style="height: auto;">
<div class="accordion-inner">
<p class="desc">
A timing attack can exist in several forms. This specific case relates to username (email address) enumeration. By leveraging an automated tool, an attacker can review any subtle variation in response times after submitting a login request to determine if the application is performing a computationally intense function. Meaning, if a function is run once a user is discovered, even if the password is incorrect, this information provides the user with valid or invalid usernames.
</p>
</div>
</div>
</div>
@@ -59,11 +61,11 @@
<div class="accordion-body collapse" id="collapsePwdFour" style="height: 0px;">
<div class="accordion-inner">
<p class="desc">
Test
</p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>