I found that the chat panel loads on my website before I enter the 2-factor authentication code and log in to my website!
This is a potential vulnerability. This is a bug in the security of JomSocial, since attackers can gain access to the user's chats before actually logging in to the website!
You can check it yourself on any website that has enabled 2-factor authentication in Joomla!
After entering your login and password, just wait a few seconds (do not enter the 2-factor authentication code) and you will see a chat form appear (before you actually log in to the website).
Joomla 5.2, JomSocial 4.9.3
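
The state described in this report (password accepted, 2-factor code not yet entered) can be turned into a server-side check. This is an added example, not JomSocial or Joomla code. The session keys `user_id` and `mfa_pending` and all function names are hypothetical, and the weak gate only illustrates one way such behaviour can arise, not a confirmed cause.

```php
<?php
declare(strict_types=1);

// Hypothetical session layout (an assumption, not Joomla's real keys):
// 'user_id' is set once the password is accepted; 'mfa_pending' is true
// until the second factor is verified and is set to false at login for
// accounts that have no second factor configured.

/** True only when every required login step has finished. */
function isFullyAuthenticated(array $session): bool
{
    $userId = $session['user_id'] ?? 0;
    // Fail closed: a missing flag counts as "second factor still pending".
    $mfaPending = $session['mfa_pending'] ?? true;

    return is_int($userId) && $userId > 0 && $mfaPending === false;
}

/** Weak gate: treats "password accepted" as "logged in". */
function chatGateWeak(array $session): int
{
    return ($session['user_id'] ?? 0) > 0 ? 200 : 403;
}

/** Hardened gate: chat data is served only after the second factor. */
function chatGateHardened(array $session): int
{
    return isFullyAuthenticated($session) ? 200 : 403;
}

// Constructed sample sessions for the three states of a 2-factor login.
$sessions = [
    'guest'                         => [],
    'password ok, code not entered' => ['user_id' => 42, 'mfa_pending' => true],
    'password ok, code verified'    => ['user_id' => 42, 'mfa_pending' => false],
];

foreach ($sessions as $label => $session) {
    printf(
        "%-31s weak=%d hardened=%d\n",
        $label,
        chatGateWeak($session),
        chatGateHardened($session)
    );
}
```

The same gate has to cover every chat endpoint, including any background polling requests, not only the code that renders the panel.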