Brave browser can bypass user/pass authentication (update: debunked)

I tried out setting up a Jitsi server, and enforce user + password authentication for use with family.
But sadly, I found a very simple to execute security flaw.

In Brave there are 3 settings of blocking browser fingerprinting.
If set to “attempt blocked cross site fingerprinting” or “attempt permitted fingerprinting”, it’ll prompt a username and password popup just like on Firefox, Chromium, and Konqueror.
But if set to “attempt blocked fingerprinting”, the login popup will not appear, and can enter the meeting despite having set up authentication on the server

you can enter a meeting with several users or just one ? in the latter case it’s not a real ‘meeting’, it’s just a way of seeing yourself.

Sorry, but not sure what amount of users has to do with bypassing user authentication.

as I said, if you have a meeting of one, it’s not a meeting at all, so there is no authentication bypassed.

I’m talking about the exact same server, exact same room, exact same URL, tested in multiple browsers and even multiple sessions of each browser.
Which is why I don’t know what user count has to do with anything.

Maybe it’ll become clear with a video.

No need to discuss further then. Bye.

Hiding the login dialog does not mean bypassing security. If you are able to actually join the room and see the other participants that is entering the meeting and that will be bypassing the authentication. Do you see that, as your video shows just hiding the login dialog?

Tried using 2 users on 2 other browsers (I chose Konqueror and Firefox for this).
Indeed, the Konqueror and Firefox ones actually seemed to be in conversation, the Brave one wasn’t (appeared like if the Brave one existed in an alternative dimention).

That explains the reason, thank you!

As for seeing video, my PC has no camera nor microphone, so I don’t know.
Intention is to have it used by our smartphones, and is meant as an insurance in case LINE will be blackout too during this week (Naver is a big tech corporation afterall).