Website: https://indeed.com

Vulnerability Name: Lack of Password confirmation on account deletion

Severity: P5

Vulnerable URL: https://secure.indeed.com/account/view

Payload used: No Payload used

How to reproduce this issue?

I created an account then go to settings on the right tab where I find account option and then I clicked on it and find an option of close my account. When I clicked on it, it doesn't ask me for the password.

Impact:

This can be harmful as if by chance user forgets to logout from their account on a public computer anyone can delete their account without any permission required.

Remediation:

Developer should setup a password on the account deletion so that only the authorized user can delete it.

PS: This was resolved by indeed.com after reporting this informational vulnerability.