Queries regarding a P4 vulnerability in VRT

#1

Hello,

P4 - Server Security Misconfiguration - Lack of Password Confirmation - Delete Account

This is a P4 vulnerability according to the VRT. I have reported this to a company where there is NO password confirmation at Delete account.

Steps:
1.Go to account settings.
2.Click on “DELETE” account.
3.A pop says “Are you sure you want to delete the account”.
4.Click on “YES”.
5.Account gets deleted.

Is this a valid report according to bugcrowd ?

Note: The program accepts and rewards P4 submissions.

1 Like

#2

From your description, it sounds like it’s probably a valid P4

0 Likes

#3

Yes, but the bugcrowd evaluator closed the report as Wont fix saying “This is by design and A popup appears asking for a confirmation of the account deletion” so this is not valid finding.

Refer to the screenshot

Would you be willing to have a look at this? Shall I share the Submission ID?

0 Likes

#4

I dont have access to submissions, if you’d like it re-reviewed you could email support@bugcrowd.com

But that said, Edis is a very experienced person in this area so I would tend to follow what he said here.

I’m sorry that it ended up being a Wont Fix :frowning:

0 Likes