P4 - Server Security Misconfiguration - Lack of Password Confirmation - Delete Account
This is a P4 vulnerability according to the VRT. I have reported this to a company where there is NO password confirmation at Delete account.
1.Go to account settings.
2.Click on “DELETE” account.
3.A pop says “Are you sure you want to delete the account”.
4.Click on “YES”.
5.Account gets deleted.
Is this a valid report according to bugcrowd ?
Note: The program accepts and rewards P4 submissions.