Open Source and information security mailing list archives
 
Message-ID: <42F1C0FC.4020306@science.org>
Date: Thu Aug  4 08:16:31 2005
From: jasonc at science.org (Jason Coombs)
Subject: [Fwd: CCO Locksmith - Automated Reply]

Can I e-mail cco-team@...co.com and ask them to send me an arbitrary 
user's new password? Hmm...

If I happened to be the one responsible for causing this DoS then don't 
you think I would already have the ones of the following details of a 
target victim's account at cisco.com ?

   1 Maintenance contract or Account number you used in your registration
   2 The user ID you believe you have
   3 Full name
   4 Company name

And of course I would have their authentic e-mail address temporarily 
disabled due to some unexplained outage, so that Cisco can't easily 
e-mail them a confirmation to their old e-mail address...

Practically speaking, Cisco has little choice but to personally phone 
every single member, or dump their entire registration database and 
force the users to re-apply for new member accounts.

This automatic password reset thing is fatally flawed.

Regards,

Jason Coombs
jasonc@...ence.org


-------- Original Message --------
Subject: CCO Locksmith - Automated Reply
Date: Thu, 4 Aug 2005 00:07:15 -0700 (PDT)
From: cco-valet@...co.com
To: jasonc@...ence.org

This is an automated reply ONLY to have your CCO p/w changed.

DO NOT reply directly to this email!

Sorry, your attempt to change your p/w on CCO has not been successful.

Reason:
======
1) There was no record of your email address being associated with
    a user ID in CCO.
      or
2) The email record within CCO that may be associated with your name, may be
    slightly different to the one on your email Reply-to: or From: line.
      or
3) You are not registered at all on the service.
      or
4) Your account may be in inactive state.

Action:
======
A) If you believe you are registered on CCO...

Please email cco-team@...co.com to have your correct email address
associated with your User ID. To ensure you receive prompt attention,
please provide all of the following details:

   1 Maintenance contract or Account number you used in your registration
   2 The user ID you believe you have
   3 Full name
   4 Company name

Please note, your registration may have been disabled if you had not used
the service in the last 6 months. In this case, you may need to perform an
online registration again. You will be advised by email if this is the case.

or

B) If you are not registered, please perform an online registration.
    For an automated reply of general CCO information,
    please email cco-help@...co.com

Any further inquiries should be directed to cco-team@...co.com

Thank you


