password disclosure

In order to open a ticket and send a support request it is necessary to register and set a password. Imagine my astonishment when in the confirmation e-mail I received after submitting a ticket I found my password written out. A security company is the last place where I would have expected violation of secrecy by disclosing my password. I use i-Vault and other measures to keep all my pw’s secret and here the company itself violates confidentiality.

I opened another support ticket to report this and again in the confirmation e-mail my pw is listed.
I wonder what this says about the security of i-Vault in particular and other Comodo security programs in general.
Needless to say I have not yet received any response from support.


What do you mean open a ticket to send a report request? If you are contacting Comodo support then you just email


Not any more. If you only send an e-mail you get the following response:

Please Note: Your ticket has not been accepted into the system.

We are committed to delivering high quality services across the entire Comodo group of companies, PSoft, Trustfax and Comodo CA.

We operate a registration based system, please register at the following URL to submit any issues via Email:


Once registered, you will be able to submit any issues directly by sending us Email. We are sorry for any inconvenience this may have caused.

Technical Support

Comodo Technical Support

You have to register at and then open a support request ticket. After registering it may also be possible to open a ticket by sending e-mail . After opening a ticket by whatever means a confirmation e-mail is sent. Here is a copy (I have hidden personal information):

Baruch, Your Ticket has been received and a member of our staff will review it and reply accordingly. Listed below are details of this Ticket. Please make sure the Ticket ID remains in the subject at all times.

Ticket ID: xxx-xxxxxxxx
Subject: disclosure of password
Department: Desktop Software
Priority: Default
Status: Open

You can check the status of or reply to this Ticket online at:****
Password: **********

Please do let us know if we can assist you any further,


As you can see the confirmation e-mail lists the password.

The new support system that we’ve just rolled out is part of a gamut of process improvements we’re making internally (and externally) to be able to provide even better service going forward. In fact, if you go to you’ll see that we’ve added a few new features to our website to make it easier for our users to find the information they’re looking for. (The myriad of links to the forum for the CPF questions is also a testament to how much we value the information and knowledge that our users bring to the table.)

As always, I’d be grateful for any thoughts, constructive criticism or suggestions about the new system we’ve implemented.

For a start please ensure that confidential information such as passwords is not included in e-mails.

Hi Paulo,

I’ve just checked out the new system and it looks great ;). I don’t think sending the password is a problem, but I can understand why some may not like it.


I don’t know if it is a problem or not, especially since this is a forum not a bank. Still, intuitively it doesn’t seem right especially coming from a security company. I know that in most forums a request to recall a password is generally answered straight away, but then the user knows he is asking for it. Here it is just being volunteered for no reason at all, and this isn’t the forum, it is the customert service site which is more likely to contain private information. Moreover there are ways to provide a forgotten password without explicitly putting it into an e-mail. I can understand that for a site like this it may not be strictly necessary, but please Mr. Comodo, appearances count for something also.

P.S. As to the content of the support site, I agree with Mike6688 that it looks like it will be very useful and a great assistance for us users.

r2baruch: Your point is a very valid one - and one I didn’t address in my original post since I read through it too quickly, apologies. I’ll investigate if this is an option can be disabled in the system, and if not, how we can address it otherwise. I agree we shouldn’t have passwords floating around - it’s just bad form.