🕵️ Reddit: Can use the Reddit android app as usual even though revoking the access of it from reddit.com
Nachrichtenbereich: 🕵️ Sicherheitslücken
🔗 Quelle: vulners.com
Summary: Hi Team, For the last 4 days, I kept testing reddit web. That time, I revoked app access from the old.reddit.com and i checked my app and as expected i was not able to use the account in my app. After 2 days I was checking the chat invites feature on the web and after some time I turned on the internet on my mobile and got a Reddit "invitation accept" notification. I clicked on that and I was surprised that I was able to use the previously revoked user account again in the Reddit app. After I tried to reproduce the scenario again. I thought the revoked account get access again after clicking on the app "chat invite" notification. - I again revoked the app access from the old.reddit.com - I sent a chat invitation link to another test account and replied with the test account so that I get a "chat accept" notification in the mobile - After several tries from several test accounts, Finally, I received the "chat accept" invitation, only one time on the mobile (Note: this is also an issue) - I clicked on the notification and I was not able to access anything in the app (it was showing some error) - I tried to reproduce the issue again, I don't know the reason But this time I was not able to view the chat invite links from any accounts. (it was showing some error) - It took my whole day and I stopped testing. The next day again I got a post notification on my mobile. I clicked on that and again I see that the app was working as usual with a previous logged-in user!!!... ...