Vulnerability Name: Lack of Password confirmation on account deletion

Severity: P5

Vulnerable URL:

Payload used: No Payload used

How to reproduce this issue?

I created an account, then went to settings on the right tab, where I found the account option. I clicked on it and found an option to close my account. When I clicked on it, it didn't ask me for the password.


This can be harmful: if a user forgets to log out of their account on a public computer, anyone can delete the account without any further permission being required.


The developer should require the account password on account deletion so that only the authorized user can delete the account.
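One way to implement this check on the server side, as an added example that is not code from the affected application: a valid session alone is not enough to close the account, and the current password must be re-entered and verified. The `AccountStore` class, its method names, the return strings and the three-attempt limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILED_CONFIRMATIONS = 3  # assumed limit, not taken from the report


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 from the standard library; iteration count is an assumption.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class AccountStore:
    """Hypothetical in-memory stand-in for the application's user and session tables."""

    def __init__(self):
        self.users = {}     # username -> (salt, password_hash)
        self.sessions = {}  # session_id -> username
        self.failures = {}  # session_id -> failed confirmation count

    def register(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt))

    def login(self, username, password):
        salt, stored = self.users[username]
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return None
        session_id = os.urandom(16).hex()
        self.sessions[session_id] = username
        return session_id

    def close_account(self, session_id, current_password):
        """Delete the account only if the session is valid AND the password is re-entered."""
        username = self.sessions.get(session_id)
        if username is None:
            return "not_authenticated"
        salt, stored = self.users[username]
        # Constant-time comparison; an empty or missing password never matches.
        if not hmac.compare_digest(stored, hash_password(current_password or "", salt)):
            self.failures[session_id] = self.failures.get(session_id, 0) + 1
            if self.failures[session_id] >= MAX_FAILED_CONFIRMATIONS:
                del self.sessions[session_id]  # force a fresh login after repeated failures
                return "session_revoked"
            return "password_required"
        del self.users[username]
        # Invalidate every session that belonged to the deleted account.
        self.sessions = {s: u for s, u in self.sessions.items() if u != username}
        return "deleted"
```

With this in place, someone sitting at an unattended logged-in session cannot close the account, and repeated wrong guesses end the session.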

PS: This was resolved by after reporting this informational vulnerability.

