Issue #94 resolved

bug in config set block_unsubscribed = 1

created an issue

there is a security bug related to "set block_unsubscribed = 1". in combination with these OTR settings: "set otr = 1" "otrpolicy default always"

this combination can create security risk, because unsubscribed user is blocked, but at the same time is able to establish OTR secure channel. and therefore he at least knew, the user is online.

setting "set block_unsubscribed = 1" should block either OTR.

Comments (2)

  1. Mikael Berthe repo owner
    • changed status to open

    Thanks, I'll push a patch that should fix that behaviour. Please tell me if it doesn't (you can also leave a message in the mcabber MUC room).

  2. Log in to comment