I’ve realized that if the host sets a password for the meeting other persons in the meeting can change the meeting password this option should only be permitted for the host.
I can then file a proper security issue report if deemed appropriate.
That is already the case, sort of. Changing the password is an operation only moderators can do. However, on meet.jit.si, all users are moderators, that’s why they can change it.
If you want different behavior you can configure it differently, but need to have your own deployment for that.
Should not be that way,because the same way they can’t kick no one out when a password is set they should not be able to change the password as long as they did’nt start the meeting.
That’s just your opinion.
As I said you have the flexibility con control all of that (and then some) if you have your own deployment. On meet.jit.si we have made some decisions, such as having all users be anonymous, and that has certain implications. There are no “special powers” for the user who starts the meeting.