Reddit Official App: "I am able to take mod actions on a sub I'm not a mod in." : reddit

this post was submitted on 17 Jul 2023

558 points (99.5% liked)

13435 readers

1 users here now

founded 5 years ago

MODERATORS

[email protected]

558

Reddit Official App: "I am able to take mod actions on a sub I'm not a mod in." (lemmy.world)

submitted 1 year ago by BuckRowdy to c/[email protected]

22 comments fedilink hide all child comments

cross-posted from: https://lemmy.world/post/1660712

The hits just keep coming.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 21 points 1 year ago (1 children)

Wish they had gone through with it. The app is just a front-end that sends requests to the server, presumably the server is where authentication happens (otherwise everyone could just pull up dev tools on their desktop and become insta-mods of any sub with a few tweaks). That being said, if it was a server-side bug, then they have a big problem; otherwise it's just little more than a graphical error.

[–] [email protected] 12 points 1 year ago

Broken authorization is absurdly common, especially if they involve graphQl. I wouldn't be surprised if it worked.