Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-16986

Quiz IP protection broken in Moodle 1.9.2.!

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.9.2
    • Fix Version/s: 1.7.7, 1.8.8, 1.9.4
    • Component/s: Quiz
    • Labels:
      None
    • Affected Branches:
      MOODLE_19_STABLE
    • Fixed Branches:
      MOODLE_17_STABLE, MOODLE_18_STABLE, MOODLE_19_STABLE

      Description

      Later studing logs I found a very worring issue: students can access IP-protected quizzes on our site from any computer! I try it myself under student login and found I can do this too. Also, Moodle will stop show the messages about IP-protection for the teachers if they used a computer outside valid range. This is a disaster to the security policy of our university!

      IP address range used on our quizzes: 172.16.1.143/148, 172.16.1.136/137, 172.16.1.98/126.
      Examples of addresses with student access from the logs: 85.172.119.4 or 213.234.0.194
      The role for student is a standart Moodle role, without any redefinition.

      I can e-mail you login and password to access to one of our courses with such quizzes with a student role if you can't reproduce the bug.

      Please fix this with all possible speed. I already detected about 10 student's attempts to access protected quizzes (and save it's contents with feedback, they don't even bother to try to answer the questions).

        Attachments

          Activity

            People

            • Assignee:
              timhunt Tim Hunt
              Reporter:
              oa_sychev Oleg Sychev
              Participants:
              Component watchers:
              Tim Hunt, Andrew Nicols, Mathew May, Michael Hawkins, Shamim Rezaie, Simey Lameze
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                28/Jan/09