diff --git a/modules/exploits/multi/http/rails_secret_deserialization.rb b/modules/exploits/multi/http/rails_secret_deserialization.rb
index 15b2a0810f..898df97493 100644
--- a/modules/exploits/multi/http/rails_secret_deserialization.rb
+++ b/modules/exploits/multi/http/rails_secret_deserialization.rb
@@ -259,7 +259,7 @@ class Metasploit3 < Msf::Exploit::Remote
 				fail_with(Exploit::Failure::BadConfig, "No cookie found and no name given")
 			end
 			if datastore['VALIDATE_COOKIE']
-				fail_with(Exploit::Failure::BadConfig, "COOKIE not validated, set VALIDATE_COOKIE to false send the payload without validation")
+				fail_with(Exploit::Failure::BadConfig, "COOKIE not validated, unset VALIDATE_COOKIE to send the payload anyway")
 			else
 				print_status("Trying to leverage default controller without cookie confirmation.")
 			end