|
Ticket ID: 5464
|
Creation Date: 5/23/2007 5:44 PM
|
Product: SiteKiosk Classic Windows
|
Attachment: -
|
|
TicketType: Support Request
|
Version: 6.5.150
|
Language: English
|
|
Views: 41449
|
Last Modification Date: 5/24/2007 1:18 PM
|
Platform:
Windows XP Professional
|
|
|
Level: Closed
|
IE: 6.0 |
|
|
Bug Status: Fixed
|
User account: SiteKiosk Restricted User
|
Bug Frequency: About once a week
|
|
Support Request: USB Drive not Disabled
Reproduction
1. Launch SiteKiosk
2. Plug in a USB thumb-drive
3. "Anti Sabotage Mode" window appears and the mouse cursor is contained within it
4. However, the operating system still launches a window to read the USB drive
5. Note that the operating system window has focus, not the SiteKiosk Anti-sabotage mode window.
6. You can use the keyboard to navigate the USB drive, execute files or even browse to the C: drive.
When plugging in a USB drive while SiteKiosk is running, Anti-Sabotage Mode kicks in but does not prevent the user from executing files on the USB drive. The user is prevented from using the mouse to access commands on the USB window, but the keyboard still works. This is because the focus is on the operating system USB window and not the SiteKiosk window. Thus, any keystrokes are executed against the OS window. A savvy user can use this security hole to execute programs on the USB drive.
This is fully reproducible on our end.
