Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-16986

Quiz IP protection broken in Moodle 1.9.2.!

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.9.2
    • Fix Version/s: 1.7.7, 1.8.8, 1.9.4
    • Component/s: Quiz, Security Alert
    • Labels:
      None
    • Affected Branches:
      MOODLE_19_STABLE
    • Fixed Branches:
      MOODLE_17_STABLE, MOODLE_18_STABLE, MOODLE_19_STABLE

      Description

      Later studing logs I found a very worring issue: students can access IP-protected quizzes on our site from any computer! I try it myself under student login and found I can do this too. Also, Moodle will stop show the messages about IP-protection for the teachers if they used a computer outside valid range. This is a disaster to the security policy of our university!

      IP address range used on our quizzes: 172.16.1.143/148, 172.16.1.136/137, 172.16.1.98/126.
      Examples of addresses with student access from the logs: 85.172.119.4 or 213.234.0.194
      The role for student is a standart Moodle role, without any redefinition.

      I can e-mail you login and password to access to one of our courses with such quizzes with a student role if you can't reproduce the bug.

      Please fix this with all possible speed. I already detected about 10 student's attempts to access protected quizzes (and save it's contents with feedback, they don't even bother to try to answer the questions).

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  28/Jan/09