Vulnerability Name: Lack of Password confirmation on account deletion
Vulnerable URL: https://secure.indeed.com/account/view
Payload used: No Payload used
How to reproduce this issue?
I created an account then go to settings on the right tab where I find account option and then I clicked on it and find an option of close my account. When I clicked on it, it doesn't ask me for the password.
This can be harmful as if by chance user forgets to logout from their account on a public computer anyone can delete their account without any permission required.
Developer should setup a password on the account deletion so that only the authorized user can delete it.
PS: This was resolved by indeed.com after reporting this informational vulnerability.