In Group Chat, a user can change the topic as blank even without permissions. This is accomplished by entering only spaces in the change topic dialogue box. It doesn’t appear to actually save the changes into the database (which is good), but all members in the room at the time of the user doing it will see it cleared out. The topic change also logs as successful in the group chat logs. Closing and reopening the chat will show the topic before the end-user cleared it.
The members without access are marked as “Member” in the room permissions. If it makes any difference, my user database is LDAP.
Server Version: OpenFire 3.3.3
Client: Spark 2.5.7
Y - List Room in Directory
|N - Make Room Moderated
Y - Make Room Members-only
|N - Allow Occupants to invite Others
N - Allow Occupants to change Subject |
N - Only login with registered nickname |
N - Allow Occupants to change nicknames |
N - Allow Users to register with the room |
Y - Log Room Conversations