search

abhibundela / owaspbwa

Automatically exported from code.google.com/p/owaspbwa
1 stars 2 forks source link

WebGoat user 'webgoat' does not show hints / source code #72

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
Logging on to WebGoat (Java) with username 'webgoat' does not provide access to 
hints or source code in the WebGoat UI.  User 'guest' does see those items.

Perhaps there is a role that needs to be added to the 'webgoat' user in Tomcat. 
 Should either fix this, document it (if this is by design to provide more of a 
challenge), or maybe update home page with account information to remove the 
'webgoat' user from list.

Original issue reported on code.google.com by chuck.f....@gmail.com on 12 Sep 2012 at 2:17

GoogleCodeExporter commented 8 years ago 
This is due to the "webgoat" user being an application level admin user. I 
updated the index.html to reflect this.

Original comment by chuck.f....@gmail.com on 19 Jun 2015 at 2:04