#12 Security issue with Alt + Mouse Scroll

v1.0 (example)
closed
nobody
None
7
2015-01-26
2011-06-13
Anonymous
No

Safe Exam Can be navigated forward and backward using ALt + mouse scroll.
We use SEB with Moodle. One of the way of using such navigation is to list all needed sites in own user profile description field before exam, and then go to profile (profile link is always visible during quiz), then to any needed site, and then return to exam with alt+scroll.
In 1.5.1 version on widows XP external sites links shows some javascript error, but opens in new window. Such windows can be navigated with alt+tab, making every site accessible even without alt+scroll.

As i think the solution is to disable any access to sites, not listed in seb.ini. Or if it's alredy done, it is done with errors, because sites opens in new windows

Vadim Dvorovenko Vadimon_at_mail.ru

Discussion

    • priority: 5 --> 7
     
  • We have to investigate how to stop ALT+mouse scroll navigation in SEB for Windows. SEB for Mac OS X 10.5 has an option to prevent navigating to pages visited before, something similar we also need in the Windows version.

    You are writing "profile link is always visible during quiz". This is wrong, if you use Moodle 1.9.x and in quiz settings Security -> Secure Browser -> Safe Exam Browser, then there is no profile link visible. Unfortunately this Secure Browser mode doesn't work in Moode 2.x. We are trying to get it fixed in the Moodle core again. We have ourselves made a workaround, see the demo quiz at http://moodle.ch/login/index.php (Login/password seb).

    We are planing to implement a URL filter (permitted list) in SEB, see our roadmap at http://www.safeexambrowser.org/about_roadmap_en.html

     
  • SEB 2.0.2 has the option "Enable Alt-Mousewheel", default is disabled (see Config Tool -> Hooked Keys).

     
    • status: open --> closed
    • Group: --> v1.0 (example)