| Key: |
MDL-16986
|
| Type: |
Bug
|
| Status: |
Resolved
|
| Resolution: |
Fixed
|
| Priority: |
Critical
|
| Assignee: |
Tim Hunt
|
| Reporter: |
Oleg Sychev
|
| Votes: |
0
|
| Watchers: |
0
|
|
|
| Participants: |
Oleg Sychev and Tim Hunt
|
| Security Level: |
None
|
| Resolved date: |
24/Oct/08
|
| Affected Branches: |
MOODLE_19_STABLE
|
| Fixed Branches: |
MOODLE_17_STABLE, MOODLE_18_STABLE, MOODLE_19_STABLE
|
|
Later studing logs I found a very worring issue: students can access IP-protected quizzes on our site from any computer! I try it myself under student login and found I can do this too. Also, Moodle will stop show the messages about IP-protection for the teachers if they used a computer outside valid range. This is a disaster to the security policy of our university!
IP address range used on our quizzes: 172.16.1.143/148, 172.16.1.136/137, 172.16.1.98/126.
Examples of addresses with student access from the logs: 85.172.119.4 or 213.234.0.194
The role for student is a standart Moodle role, without any redefinition.
I can e-mail you login and password to access to one of our courses with such quizzes with a student role if you can't reproduce the bug.
Please fix this with all possible speed. I already detected about 10 student's attempts to access protected quizzes (and save it's contents with feedback, they don't even bother to try to answer the questions).
|
|
Description
|
Later studing logs I found a very worring issue: students can access IP-protected quizzes on our site from any computer! I try it myself under student login and found I can do this too. Also, Moodle will stop show the messages about IP-protection for the teachers if they used a computer outside valid range. This is a disaster to the security policy of our university!
IP address range used on our quizzes: 172.16.1.143/148, 172.16.1.136/137, 172.16.1.98/126.
Examples of addresses with student access from the logs: 85.172.119.4 or 213.234.0.194
The role for student is a standart Moodle role, without any redefinition.
I can e-mail you login and password to access to one of our courses with such quizzes with a student role if you can't reproduce the bug.
Please fix this with all possible speed. I already detected about 10 student's attempts to access protected quizzes (and save it's contents with feedback, they don't even bother to try to answer the questions). |
Show » |
tjhunt committed 2 files to 'Moodle CVS' on branch 'MOODLE_18_STABLE' - 24/Oct/08 10:53 AM
moodlelib iprange checks: MDL-16986 If the user makes a mistake and types something like 172.16.1.143/148, with something greater than 32 after the slash, treat it as /32.
|
|
|
tjhunt committed 2 files to 'Moodle CVS' - 24/Oct/08 10:53 AM
moodlelib iprange checks: MDL-16986 If the user makes a mistake and types something like 172.16.1.143/148, with something greater than 32 after the slash, treat it as /32.
|
|
|
tjhunt committed 2 files to 'Moodle CVS' on branch 'MOODLE_17_STABLE' - 24/Oct/08 10:54 AM
moodlelib iprange checks: MDL-16986 If the user makes a mistake and types something like 172.16.1.143/148, with something greater than 32 after the slash, treat it as /32.
|
|
|
tjhunt committed 2 files to 'Moodle CVS' on branch 'MOODLE_19_STABLE' - 24/Oct/08 10:54 AM
moodlelib iprange checks: MDL-16986 If the user makes a mistake and types something like 172.16.1.143/148, with something greater than 32 after the slash, treat it as /32.
|
|
|
|
Quiz IP protection broken in Moodle 1.9.2.!
