Reddit patches CSRF vulnerability that forced users to view NSFW content

17-Jun-22

A cross-site request forgery (CSRF) vulnerability in Reddit meant that users could be forced to see adult content. Because the medium-severity security flaw prevented some settings from being turned on, malicious hackers could route users who had chosen to restrict adult content to that content anyway.

To begin the reproduction process, the victim creates a Reddit account and goes to https://old.reddit.com/prefs/. The user then goes to the NSFW (not safe for work) subreddit at https://www.reddit.com/r/nsfw, where a window appears asking if the user wishes to see explicit content.