Logging on to WebGoat (Java) with username 'webgoat' does not provide access to
hints or source code in the WebGoat UI. User 'guest' does see those items.
Perhaps there is a role that needs to be added to the 'webgoat' user in Tomcat.
Should either fix this, document it (if this is by design to provide more of a
challenge), or maybe update home page with account information to remove the
'webgoat' user from list.
Original issue reported on code.google.com by chuck.f....@gmail.com on 12 Sep 2012 at 2:17
Original issue reported on code.google.com by
chuck.f....@gmail.comon 12 Sep 2012 at 2:17