CVE-2010-0401 (GCVE-0-2010-0401)

Vulnerability from cvelistv5 – Published: 2010-05-04 18:00 – Updated: 2024-09-16 17:48
VLAI?
Summary
OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://security.openttd.org/en/CVE-2010-0401 x_refsource_CONFIRM
http://secunia.com/advisories/39669 third-party-advisoryx_refsource_SECUNIA
http://bugs.openttd.org/task/3754 x_refsource_CONFIRM
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:45:12.273Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security.openttd.org/en/CVE-2010-0401"
          },
          {
            "name": "39669",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39669"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.openttd.org/task/3754"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-05-04T18:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security.openttd.org/en/CVE-2010-0401"
        },
        {
          "name": "39669",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39669"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.openttd.org/task/3754"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0401",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://security.openttd.org/en/CVE-2010-0401",
              "refsource": "CONFIRM",
              "url": "http://security.openttd.org/en/CVE-2010-0401"
            },
            {
              "name": "39669",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39669"
            },
            {
              "name": "http://bugs.openttd.org/task/3754",
              "refsource": "CONFIRM",
              "url": "http://bugs.openttd.org/task/3754"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-0401",
    "datePublished": "2010-05-04T18:00:00Z",
    "dateReserved": "2010-01-27T00:00:00Z",
    "dateUpdated": "2024-09-16T17:48:46.586Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-0401\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-05-05T13:22:54.927\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet.\"},{\"lang\":\"es\",\"value\":\"Versiones de OpenTTD anteriores a v1.0.1 aceptan una contrase\u00f1a corporativa para autenticaci\u00f3n en respuesta a una petici\u00f3n a la contrase\u00f1a del servidor, permite a usuarios autenticados remotamente evitar restricciones de acceso establecidas o causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) enviando un paquete de contrase\u00f1a corporativa.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.0\",\"matchCriteriaId\":\"93B03F52-1C6C-489F-B473-51772289CBDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"499EFCAE-9309-4C26-A846-10396CBC628D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6908E44D-3553-430D-B870-266971DC0D17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEBDEF33-48E4-42F4-A725-838DA9191334\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"422B0D3E-503C-4CA6-83B9-4FC58BA898C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46557BD6-66A0-4892-9468-687A4B63F5B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A186C5E-ACAA-47C8-9FA0-133E9D7F2900\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24094775-BAF9-4C2E-8C38-86916E22B5A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7CF73FA-09F6-4CE5-932E-BA6B43D66F1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77E87583-5769-4114-94F7-043897DA0FC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"718E8C39-A59C-4576-B00D-31A8F0C1762C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83B1A7D7-D920-41F3-8DE9-D39007DDDEFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"327B826F-0F4E-420D-8C93-4551A4B9F190\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE12C455-5CA0-4581-A3F3-CC8867CCEEE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DC5E23E-3A14-49B4-A676-AAA96F25D01D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8520357A-27AF-4F48-9095-773F75AAC408\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F65EA852-3C46-47D6-8D6B-DC3546165CC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4441B6D-1A48-4DD4-AAAB-FC3B5F00DE4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"985D96E7-0BAE-46DF-A1E2-BD4585C6CABF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73062670-5CB9-4AB8-B45D-21E0D557FD49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"876A0BCB-F792-4A21-85AB-5D7D63C3E987\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97BFB677-F29E-451E-855A-452F8AE0A9D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.4.8:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"99308463-E1A6-4018-819E-29043BFE8886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF5AEFDA-322E-49CD-AE94-82020B9B7AE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AF50B50-ED50-4BCD-8BAE-9161911A0FCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3485EF5-F3DF-4622-92D9-B092F46D5AFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"12EB77E6-94D0-4980-B392-59ACABEDB8D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"3051AB9F-5C64-4D95-805F-8575B5BD39D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"494DD878-5854-49DC-A0E1-2904D70582EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFD07BE5-47E4-47E6-B6A2-CEC2BCC3E383\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A5AA729-0198-4644-9810-E501C3C47EE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D5EC680-4686-4C04-957E-B597A1563F1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.1:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2C02877-6FE8-4C98-9AB6-5E4D1AC49FFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89325227-4E0A-49FA-83C1-D0D5E2CEF45D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"21763CB0-1FFA-4FF4-AA6F-47614E8BEEB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A151DBA9-3A94-431F-BC22-C86E4268263B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7246859E-A6CF-4617-A37A-BF17849D43F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.3:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"85FA63BC-2292-49F8-A0E1-34C8497236C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.5.3:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"78365F07-CF44-48FD-B048-2F510D147D0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CBAD231-4365-4A5F-9FD8-1EE13F7FC8A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.6.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B052159B-4CFF-47DE-A1B7-35C467AD73BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.6.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDF5228B-B99A-4E4E-A66F-59275A36B28E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.6.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E5F1FE7-ADCB-42AD-AB99-0F17AD8E2FE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.6.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD6E4B8D-6C12-4053-A8D2-F64F92AF733A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.6.0:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B9BDCD3-85B9-4C17-B625-FC7F62450FB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.6.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8648A48E-BCF9-4B34-B1FF-16B780C2797D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B0C66D6-F933-43B1-8BC0-72625E70442C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.6.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"72070978-F3B9-46D6-A3FD-0932D751AD86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.6.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D6483EA-FC98-4367-A34B-795F858815E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.6.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAE2A501-3F40-4BFD-B600-AD122BB8EFD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.6.2:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D49CDF39-F0F2-4B48-87FC-4F984D439497\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openttd:openttd:0.7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E1E187C-6F26-4604-9720-0C516E8BAF9E\"}]}]}],\"references\":[{\"url\":\"http://bugs.openttd.org/task/3754\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/39669\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.openttd.org/en/CVE-2010-0401\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://bugs.openttd.org/task/3754\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/39669\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.openttd.org/en/CVE-2010-0401\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.