Hello. I just recently found an Unreal (and Unreal Tournament'99) bug. When you query any server through the UDP protocol (like the browser would do to gain playerlist, playernumber, mapname etc.) with message "\player_property\password" without the quotation marks, the server will send back every player's password variable value, because the password variable is not defined private. Therefore, if a server is password protected and there are players on it, it's possible to get the password. If an admin joins his server typing his admin password as the game password, his password variable will contain the admin password, therefore it's an even bigger threat. You might want to fix this in your patch, or inform people who are responsible for creating protection tools. (I don't have many contacts in Unreal community) Thank you for your time.
Greetings, Neo_b