CVE-2010-0401 Information

Description

OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet.

Reference

http://bugs.openttd.org/task/3754 http://secunia.com/advisories/39669 http://security.openttd.org/en/CVE-2010-0401