Is there any way to hack by knowin username?

Long answer, is yes you can be hacked if someone has your username; Short answer no because most people won't go to this extent or don't know how.

Even if this isn't possible (which I think it should be) a DLL could be injected into the CO Client, and consistently try serval strings using characters from the ANSI family.

For example, the first characters value (hex) would be "00", then the next time "01" once it reaches "ff" it next tries "0001", now they're two characters it's trying with. And it'll continue this cycle. Everytime it generates a random string, it could simply call the address of where the 'Login' button procedure is located at using a disassembler.

So really depends how good of a "hacker" you think that person is, 'cause I don't know alot of people who'd know how to do this, let alone spend the time doing it; make about 3 or 4, 5 at most.

There is one way, takes alot of times to be honest but works. It works like this, A program would enter a password starting with 10 letters and numbers since that is the minimum and it would type for example aaaaaaaaaa and then AAAAAAAAAA and so on this would take ages since mathematically it would work like this.
There are 28 letters I belive in an english alphabet? I may be wrong, and also to lazy to count but let's say it is allright? Since there exists capital letters aswell we have to dubble the picks the program will later do, 28 * 2 being 56 and we also got numbers from 0 to 9 that is 10 numbers, so totaly 66 signs to pick from. If there are more just at it to the 66 anyway, then to start with there will be 10 times the program will choose (as a minimum) so it will be like this 66^10 since it,s 66 x 66 x 66 x 66 x 66 x 66 x 66 x 66 x 66 x 66, and 66^10 is = 1568336880910795776, and if you want to know how many tries it takes as most to crack a 14 sign password it would be 66^14 obviously. Now if you would know certain information like if he only uses capital letters or only numbers or only small letters it would help alot, the easiest it could be is if you know he only uses numbers and it's a 10 sign password so it will be 10^10 only a 10000000000 tries (atleast less then the first we got.)

Yes I know the tries seem to be ALOT, but It's pretty easy to make a clientless program that could connect to the server by typing diffrent passwords all the time and in just a few seconds establish if it's the correct or wether to try another and you could run about a thousand of theese since they are so low on ram and it would be atleast a thousand tries per second, and ofcourse you need a database where each of theese programs can save which ones they have tried so they wont try the same over again. Simple and very effective ;), Also who said you can only try a thousand at a time? You can make it much more advanced and make it ALL into 1 single program trying up to 10 thousand a time. There would be ALOT of traffic going on with your bandwitch but yes as you see you can do infinite crazy things.