Valhalla Legends Forums Archive | General Discussion | Account Recovery Bug

AuthorMessageTime
Denial
Wow that was fun to watch today i figured out how to do it after a while but i didn't take any accounts. I did manage to create a few to save some peoples d2 accounts on ladder. Blizzard suspended account recovery for now so that's that.

Since it's already out to how to do it i wont bother posting how to do it since most people by the time they read this will already know

"A vulnerability relating to abusing the account recovery system has been fixed. Affected characters will be restored where possible, as quickly as we can. Everyone caught abusing this system will have their accounts closed and cd-keys banned from Battle.net. We apologize for the trouble this has caused.
--------------------------------------------------------------------------------
The Battle.net Team "
November 25, 2003, 9:19 AM
j0k3r
Well, share with those who don't know.
November 25, 2003, 12:31 PM
Zerg
We can't call back for our accounts anymore?(including the cd key)
November 25, 2003, 1:30 PM
Naem
The exploit was incredibly simple.

- Register a person's account on another realm. You put in an email address that you can access.

- Attempt password recovery from that account.

- You will get an E-mail from blizzard asking for confirmation of the password recovery. The email originates from "account.password.recovery@<yourrealm>.battle.net".

- To confirm the recovery you normally just have to reply to the email with the body quoted. To steal the person's account on the other realm, you just reply to the email, however, send the reply to <theirrealm>.battle.net. Their password would reset and be given to you.

November 25, 2003, 9:27 PM
Denial
yep but the question would be? would it work on rep accounts? i thought of the idea when they patched it? cause most reps dont keep their names on asia active
November 25, 2003, 9:44 PM
Hostile
lol, so they fixed the problem and to all those people who lost their accounts, better luck next time! As of right now they just have registration closed altogather, perhaps they will reopen with ability to recovery via cdkey.
November 25, 2003, 10:30 PM
Denial
ha blizzard made their name's more secure to like name.support@blizzard
November 26, 2003, 6:44 PM
Zerg
[quote author=Hostile link=board=2;threadid=3836;start=0#msg31412 date=1069799408]
lol, so they fixed the problem and to all those people who lost their accounts, better luck next time! As of right now they just have registration closed altogather, perhaps they will reopen with ability to recovery via cdkey.
[/quote]
Ack! This means they have closed the ability to get accounts via cdkey?!?
November 26, 2003, 9:10 PM

Search