After the host has started a meeting and setup a password, any guest can change it

I’ve realized that if the host sets a password for the meeting other persons in the meeting can change the meeting password this option should only be permitted for the host.

I’m not sure about the logic behind this, maybe @saghul or @damencho can comment ?

I can then file a proper security issue report if deemed appropriate.

That is already the case, sort of. Changing the password is an operation only moderators can do. However, on meet.jit.si, all users are moderators, that’s why they can change it.

If you want different behavior you can configure it differently, but need to have your own deployment for that.

2 Likes

Should not be that way,because the same way they can’t kick no one out when a password is set they should not be able to change the password as long as they did’nt start the meeting.

That’s just your opinion.

As I said you have the flexibility con control all of that (and then some) if you have your own deployment. On meet.jit.si we have made some decisions, such as having all users be anonymous, and that has certain implications. There are no “special powers” for the user who starts the meeting.

1 Like

Understood