CVE-2010-0401
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
05/05/2010
Last modified:
11/04/2025
Description
OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet.
Impact
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:openttd:openttd:*:*:*:*:*:*:*:* | 1.0.0 (including) | |
| cpe:2.3:a:openttd:openttd:0.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openttd:openttd:0.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openttd:openttd:0.1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openttd:openttd:0.1.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openttd:openttd:0.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openttd:openttd:0.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openttd:openttd:0.3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openttd:openttd:0.3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openttd:openttd:0.3.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openttd:openttd:0.3.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openttd:openttd:0.3.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openttd:openttd:0.3.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openttd:openttd:0.3.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openttd:openttd:0.3.6:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page