Login SEB Config Tool without entering a password

[hendra-cspdg]

Describe the Bug We can enter SEB Config Tool without entering a password and we can save the new configuration even new admin password.

Steps to Reproduce Steps to reproduce the behavior:

1. Double-click SEBConfigTool.exe and login form appears.
2. We can skip this by pressing the Esc key on the keyboard or pressing the Cancel button.
3. then the SEB Config Tool window appears with default settings (default Start URL, admin password blank, etc.).
4. we can change all settings and we can save them.

Version Information

• OS: Windows 8.1 Pro 64-Bit, Windows 7 Ultimate 64-Bit
• SEB-Version 2.2.3

[danschlet]

Please first study the SEB manual before opening issues.

This is no bug, but intended by design. In a BYOD environment, students anyways have access to all the files on their computers, so they can easily replace the SebClientConfig.seb file in their %APPDATA%\SafeExamBrowser\ directory. You have to use the Browser Exam Key feature to make sure they can access your exam only with correct settings. And you should use SEB config files saved for "starting an exam" saved on a web server and accessed by a sebs:/// link to that file, ideally encrypted by a settings password to make sure they get access to the exams only when the exam is started.

On managed PCs, save SebClientSettings.seb to the %PROGRAMDATA%\SafeExamBrowser\ directory and make sure that only administrators have write access to that directory.