bug in config set block_unsubscribed = 1

Issue #94 resolved
created an issue

there is a security bug related to "set block_unsubscribed = 1". in combination with these OTR settings: "set otr = 1" "otrpolicy default always"

this combination can create security risk, because unsubscribed user is blocked, but at the same time is able to establish OTR secure channel. and therefore he at least knew, the user is online.

setting "set block_unsubscribed = 1" should block either OTR.

Comments (2)

  1. Log in to comment