P4 - Server Security Misconfiguration - Lack of Password Confirmation - Delete Account

This is a P4 vulnerability according to the VRT. I have reported this to a company where there is NO password confirmation at Delete account.

1. Go to account settings.
2. Click on “DELETE” account.
3. A popup says “Are you sure you want to delete the account”.
4. Click on “YES”.
5. Account gets deleted.

Is this a valid report according to Bugcrowd?

Note: The program accepts and rewards P4 submissions.

From your description, it sounds like it’s probably a valid P4.



Yes, but the Bugcrowd evaluator closed the report as Won’t Fix, saying “This is by design and A popup appears asking for a confirmation of the account deletion”, so this is not a valid finding.

Refer to the screenshot

Would you be willing to have a look at this? Shall I share the Submission ID?



I don’t have access to submissions; if you’d like it re-reviewed you could email support@bugcrowd.com

But that said, Edis is a very experienced person in this area so I would tend to follow what he said here.

I’m sorry that it ended up being a Won’t Fix :frowning:
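
An added example, not part of the thread and not the reported company's code: the confirm-only deletion flow from the steps in the first post, beside a variant that re-checks the current password on the server before deleting. The in-memory store, the function names and the PBKDF2 parameters are assumptions made for the sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class AccountStore:
    """In-memory stand-in for a user table (constructed for the example)."""

    def __init__(self):
        self.users = {}  # user_id -> (salt, password_hash)

    def create(self, user_id: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[user_id] = (salt, hash_password(password, salt))


def delete_account_confirm_only(store, session_user, confirmed):
    """Flow from the report: the yes/no popup is the only gate."""
    if not confirmed:
        return "cancelled"
    store.users.pop(session_user, None)
    return "deleted"


def delete_account_with_password(store, session_user, confirmed, password):
    """Hardened flow: the current password is verified server-side."""
    if not confirmed:
        return "cancelled"
    record = store.users.get(session_user)
    if record is None:
        return "no such account"
    salt, stored = record
    # Constant-time comparison; a missing password is treated as a mismatch.
    if not hmac.compare_digest(stored, hash_password(password or "", salt)):
        return "password required"
    del store.users[session_user]
    return "deleted"
```

In the second function a valid session alone is not enough to remove the account, which is the control the report says is absent.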