Text only | Text with Images

Valhalla Legends Archive

General => General Discussion => Topic started by: Denial on November 25, 2003, 03:19 AM

Title: Account Recovery Bug
Post by: Denial on November 25, 2003, 03:19 AM
Wow that was fun to watch today i figured out how to do it after a while but i didn't take any accounts. I did manage to create a few to save some peoples d2 accounts on ladder. Blizzard suspended account recovery for now so that's that.

Since it's already out to how to do it i wont bother posting how to do it since most people by the time they read this will already know

"A vulnerability relating to abusing the account recovery system has been fixed. Affected characters will be restored where possible, as quickly as we can. Everyone caught abusing this system will have their accounts closed and cd-keys banned from Battle.net. We apologize for the trouble this has caused.
--------------------------------------------------------------------------------
The Battle.net Team "
Title: Re:Account Recovery Bug
Post by: j0k3r on November 25, 2003, 06:31 AM
Well, share with those who don't know.
Title: Re:Account Recovery Bug
Post by: Zerg on November 25, 2003, 07:30 AM
We can't call back for our accounts anymore?(including the cd key)
Title: Re:Account Recovery Bug
Post by: Naem on November 25, 2003, 03:27 PM
The exploit was incredibly simple.

- Register a person's account on another realm. You put in an email address that you can access.

- Attempt password recovery from that account.

- You will get an E-mail from blizzard asking for confirmation of the password recovery. The email originates from "account.password.recovery@<yourrealm>.battle.net".

- To confirm the recovery you normally just have to reply to the email with the body quoted. To steal the person's account on the other realm, you just reply to the email, however, send the reply to <theirrealm>.battle.net. Their password would reset and be given to you.

Title: Re:Account Recovery Bug
Post by: Denial on November 25, 2003, 03:44 PM
yep but the question would be? would it work on rep accounts? i thought of the idea when they patched it? cause most reps dont keep their names on asia active
Title: Re:Account Recovery Bug
Post by: Hostile on November 25, 2003, 04:30 PM
lol, so they fixed the problem and to all those people who lost their accounts, better luck next time! As of right now they just have registration closed altogather, perhaps they will reopen with ability to recovery via cdkey.
Title: Re:Account Recovery Bug
Post by: Denial on November 26, 2003, 12:44 PM
ha blizzard made their name's more secure to like name.support@blizzard
Title: Re:Account Recovery Bug
Post by: Zerg on November 26, 2003, 03:10 PM
Quote from: Hostile on November 25, 2003, 04:30 PM
lol, so they fixed the problem and to all those people who lost their accounts, better luck next time! As of right now they just have registration closed altogather, perhaps they will reopen with ability to recovery via cdkey.
Ack! This means they have closed the ability to get accounts via cdkey?!?
Text only | Text with Images