• Welcome to Valhalla Legends Archive.
 

Account Recovery Bug

Started by Denial, November 25, 2003, 03:19 AM

Previous topic - Next topic

Denial

Wow that was fun to watch today i figured out how to do it after a while but i didn't take any accounts. I did manage to create a few to save some peoples d2 accounts on ladder. Blizzard suspended account recovery for now so that's that.

Since it's already out to how to do it i wont bother posting how to do it since most people by the time they read this will already know

"A vulnerability relating to abusing the account recovery system has been fixed. Affected characters will be restored where possible, as quickly as we can. Everyone caught abusing this system will have their accounts closed and cd-keys banned from Battle.net. We apologize for the trouble this has caused.
--------------------------------------------------------------------------------
The Battle.net Team "
Actus non facit reum nisi mens sit rea

j0k3r

Well, share with those who don't know.
QuoteAnyone attempting to generate random numbers by deterministic means is, of course, living in a state of sin
John Vo

Zerg

We can't call back for our accounts anymore?(including the cd key)

Naem

The exploit was incredibly simple.

- Register a person's account on another realm. You put in an email address that you can access.

- Attempt password recovery from that account.

- You will get an E-mail from blizzard asking for confirmation of the password recovery. The email originates from "account.password.recovery@<yourrealm>.battle.net".

- To confirm the recovery you normally just have to reply to the email with the body quoted. To steal the person's account on the other realm, you just reply to the email, however, send the reply to <theirrealm>.battle.net. Their password would reset and be given to you.

اگر بتوانید این را بهخوابید ، من را "پی ام" کنید

Denial

yep but the question would be? would it work on rep accounts? i thought of the idea when they patched it? cause most reps dont keep their names on asia active
Actus non facit reum nisi mens sit rea

Hostile

#5
lol, so they fixed the problem and to all those people who lost their accounts, better luck next time! As of right now they just have registration closed altogather, perhaps they will reopen with ability to recovery via cdkey.
- Hostile is sexy.

Denial

ha blizzard made their name's more secure to like name.support@blizzard
Actus non facit reum nisi mens sit rea

Zerg

Quote from: Hostile on November 25, 2003, 04:30 PM
lol, so they fixed the problem and to all those people who lost their accounts, better luck next time! As of right now they just have registration closed altogather, perhaps they will reopen with ability to recovery via cdkey.
Ack! This means they have closed the ability to get accounts via cdkey?!?