Hello,
P4 - Server Security Misconfiguration - Lack of Password Confirmation - Delete Account
This is a P4 vulnerability according to the VRT. I have reported this to a company where there is NO password confirmation at Delete account.
Steps:
1. Go to account settings.
2. Click on “DELETE” account.
3. A pop-up says “Are you sure you want to delete the account”.
4. Click on “YES”.
5. Account gets deleted.
Is this a valid report according to Bugcrowd?
Note: The program accepts and rewards P4 submissions.
2 Likes
From your description, it sounds like it’s probably a valid P4.
Yes, but the Bugcrowd evaluator closed the report as Won’t Fix, saying “This is by design and A popup appears asking for a confirmation of the account deletion”, so this is not a valid finding.
Refer to the screenshot
Would you be willing to have a look at this? Shall I share the Submission ID?
I don’t have access to submissions; if you’d like it re-reviewed you could email support@bugcrowd.com
But that said, Edis is a very experienced person in this area so I would tend to follow what he said here.
I’m sorry that it ended up being a Won’t Fix.
Hello @samhouston,
Can someone please explain how to test for this particular bug type in the Bugcrowd VRT:
P4 - Insecure Data Transport - Executable Download - No Secure Integrity Check
Any links to blog posts would be really appreciated.
Kind Regards.