Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-16986

Quiz IP protection broken in Moodle 1.9.2.!

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • 1.9.2
    • 1.7.7, 1.8.8, 1.9.4
    • Quiz
    • None
    • MOODLE_19_STABLE
    • MOODLE_17_STABLE, MOODLE_18_STABLE, MOODLE_19_STABLE

    Description

      Later studing logs I found a very worring issue: students can access IP-protected quizzes on our site from any computer! I try it myself under student login and found I can do this too. Also, Moodle will stop show the messages about IP-protection for the teachers if they used a computer outside valid range. This is a disaster to the security policy of our university!

      IP address range used on our quizzes: 172.16.1.143/148, 172.16.1.136/137, 172.16.1.98/126.
      Examples of addresses with student access from the logs: 85.172.119.4 or 213.234.0.194
      The role for student is a standart Moodle role, without any redefinition.

      I can e-mail you login and password to access to one of our courses with such quizzes with a student role if you can't reproduce the bug.

      Please fix this with all possible speed. I already detected about 10 student's attempts to access protected quizzes (and save it's contents with feedback, they don't even bother to try to answer the questions).

      Attachments

        Activity

          People

            timhunt Tim Hunt
            oa_sychev Oleg Sychev
            Tim Hunt, Ilya Tregubov, Kevin Percy, Mathew May, Mihail Geshoski, Shamim Rezaie
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              28/Jan/09