From 2b2e267594708682d0c177256fa941e645cd2e47 Mon Sep 17 00:00:00 2001 From: Rene Zubcevic Date: Tue, 26 Mar 2019 16:34:02 +0100 Subject: [PATCH] hide password for testing with your actual password in front of colleagues --- .../org/owasp/webgoat/plugin/SecurePasswordsAssignment.java | 2 +- .../src/main/resources/html/SecurePasswords.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/plugin/SecurePasswordsAssignment.java b/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/plugin/SecurePasswordsAssignment.java index aa35a5cc89..f3dea6c63e 100644 --- a/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/plugin/SecurePasswordsAssignment.java +++ b/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/plugin/SecurePasswordsAssignment.java @@ -38,7 +38,7 @@ public AttackResult completed(@RequestParam String password) { DecimalFormat df = new DecimalFormat("0", DecimalFormatSymbols.getInstance(Locale.ENGLISH)); df.setMaximumFractionDigits(340); - output.append("Your Password: " + password + "
"); + output.append("Your Password: *******
"); output.append("Length: " + password.length()+ "
"); output.append("Estimated guesses needed to crack your password: " + df.format(strength.getGuesses())+ "
"); output.append("
Score: " + strength.getScore()+ "/4
"); diff --git a/webgoat-lessons/secure-passwords/src/main/resources/html/SecurePasswords.html b/webgoat-lessons/secure-passwords/src/main/resources/html/SecurePasswords.html index a965e00dcb..7878b21551 100644 --- a/webgoat-lessons/secure-passwords/src/main/resources/html/SecurePasswords.html +++ b/webgoat-lessons/secure-passwords/src/main/resources/html/SecurePasswords.html @@ -26,7 +26,7 @@ - +