UsingWW: possible vulnerabilities

WeBWorK Main Forum

possible vulnerabilities

◄ Prevent cheating in Gateway quizzes
Checkboxes with partial marks ►

This forum has a limit to the number of forum postings you can make in a given time period - this is currently set at 10 posting(s) in 1 day

Is this forum the right place to discuss and diagnose possible security vulnerabilities in webwork?

Hopefully the red flags are just mistakes by automated security scans, but who knows.

Andras

Re: possible vulnerabilities

by Alex Jordan - Wednesday, 20 January 2021, 7:39 PM

Please do consider if you have found a security vulnerability, that posting publicly about it here might direct bad actors to abuse it.

There is some discussion about what to do instead. Have a special mailing list. A Slack channel. Other things. It's not clear to me yet what will happen. In the meantime I'm not sure what to recommend.

Re: possible vulnerabilities

by Nathan Wallach - Friday, 22 January 2021, 12:52 AM

Until there is a better solution - email one of the core team members. I'll send you some addresses to choose from.

◄ Prevent cheating in Gateway quizzes
Checkboxes with partial marks ►