[Full-disclosure] [Fwd: CCO Locksmith - Automated Reply]

From: Jason Coombs (jasonc_at_science.org)
Date: 08/04/05

    Date: Wed, 03 Aug 2005 21:17:16 -1000
    To: Full-Disclosure <full-disclosure@lists.grok.org.uk>
    
    

    Can I e-mail cco-team@cisco.com and ask them to send me an arbitrary
    user's new password? Hmm...

    If I happened to be the one responsible for causing this DoS then don't
    you think I would already have the ones of the following details of a
    target victim's account at cisco.com ?

       1 Maintenance contract or Account number you used in your registration
       2 The user ID your believe you have
       3 Full name
       4 Company name

    And of course I would have their authentic e-mail address temporarily
    disabled due to some unexplained outage, so that Cisco can't easily
    e-mail them a confirmation to their old e-mail address...

    Practically speaking, Cisco has little choice but to personally phone
    every single member, or dump their entire registration database and
    force the users to re-apply for new member accounts.

    This automatic password reset thing is fatally flawed.

    Regards,

    Jason Coombs
    jasonc@science.org

    -------- Original Message --------
    Subject: CCO Locksmith - Automated Reply
    Date: Thu, 4 Aug 2005 00:07:15 -0700 (PDT)
    From: cco-valet@cisco.com
    To: jasonc@science.org

    This is an automated reply ONLY to have your CCO p/w changed.

    DO NOT reply directly to this email!

    Sorry, your attempt to change your p/w on CCO has not been successful.

    Reason:
    ======
    1) There was no record of your email address being associated with
        a user ID in CCO.
          or
    2) The email record within CCO that may be associated with your name, may be
        slightly different to the one on your email Reply-to: or From: line.
          or
    3) You are not registered at all on the service.
            or
    4) Your account may be in inactive state.

    Action:
    ======
    A) If you believe you are registered on CCO...

    Please email cco-team@cisco.com to have your correct email address
    associated with your User ID. To ensure you receive prompt attention,
    please provide all of the following details:

       1 Maintenance contract or Account number you used in your registration
       2 The user ID your believe you have
       3 Full name
       4 Company name

    Please note, your registration may have been disabled if you had not used
    the service in the last 6 months. In this case, you may need to perform an
    online registration again. You will be advised by email if this is the case.

    or

    B) If you are not registered, please perform an online registration.
        For an automated reply of general CCO information,
        please email cco-help@cisco.com

    Any further inquiries should be directed to cco-team@cisco.com

    Thank you

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

