Scan attacks are a known threat to Design for Testability (DFT). All the existing attacks require both the normal mode and the test mode of the device: in normal mode, the intermediate results of the crypto hardware are captured in the scan chains, and in test mode those results are shifted out. One simple countermeasure for this kind of attack is to reset the device whenever the mode is switched. A recent test-mode-only attack shows that the mode-reset countermeasure is insecure against scan attacks: an attack is still possible using only the test mode of the device. However, that attack was presented without the presence of an on-chip test compactor. In this paper we propose a new test-mode-only attack on AES hardware which works in the presence of an on-chip response compactor. The proposed attack retrieves the secret key with negligible time complexity. The attack results show that DFT infrastructures with a response compactor are vulnerable to scan attacks even in the presence of the mode-reset countermeasure.