Players report unauthorized clients joining passworded companies #8112

Closed
duckfullstop opened this issue May 5, 2020 · 11 comments
Labels: needs triage (this issue needs further investigation before it becomes actionable)

Comments

@duckfullstop
Contributor

Version of OpenTTD

1.10.1

Expected result

Passworded companies should only be joinable by clients with the correct password.

Actual result

A number of players on our Reddit OpenTTD network since 1.10.0 have been reporting that unauthorized clients (i.e. those without their company password) have been joining their passworded companies. We started out by chalking this up to one or two weak passwords that they didn't want to admit to, but this has been happening with suspicious regularity (once or twice a week), and affected players maintain that their password is quite secure.

Steps to reproduce

None available at present. I've had net debug 2 set since this started happening, but there is nothing of any relevance in either the debug log or the admin port command logs.

Have any other servers been getting reports of this, or is it just us?

@embeddedt
Contributor

embeddedt commented May 5, 2020

We experienced this once on a private server. Someone "accidentally" ended up in my company even though it was passworded with a reasonably strong password. At the time I assumed the person had somehow guessed it, but they said they had never tried to enter my company, they just "ended up in it".

This was with JGR's patch pack.

@duckfullstop
Contributor Author

> We experienced this once on a private server. Someone "accidentally" ended up in my company even though it was passworded with a reasonably strong password. At the time I assumed the person had somehow guessed it, but they said they had never tried to enter my company, they just "ended up in it".
>
> This was with JGR's patch pack.

How recently was this?

@embeddedt
Contributor

I forget the exact date, but I suspect it was around the beginning of March. I guess that means it was based on a beta version of 1.10.0 (since JGR tracks nightlies and not stable versions).

@TrueBrain
Member

We have talked on and off about this for a while, both in issues and on IRC. We have a hard time finding exactly what is going on .. if it is either brute-force, someone being lucky (by guessing the password), or a bug in the authorization (which we cannot find .. we looked at the code a few times now :P), we do not know. A bug seems unlikely, as it is too sparse for that (by the looks), but the alternatives are not likely either.

However, we intend to remove passwords and replace them with something more secure (see #8420), but this has not been built yet. This will not be in 1.11, but hopefully it will come soon after. This will hopefully also resolve this issue .. at least if not, we can rule out brute-force and "being lucky".

Either way, please keep us posted if this still happens and/or if it gets worse.

TrueBrain added the "needs triage" label Jan 1, 2021

@Sgt-Nukem

FWIW: I'm building and running my own server since the April Fools Day release on Steam and made the following (unexpected) observation:

The company passwords are lost when restarting the server, i.e. they are NOT stored in the exit.sav!
Either I'm doing something wrong or this should be the real issue!

(So if you cronjob'd your server to reboot every night at 3 am there is no brute-forcing going on, the companies are just unprotected then. Just a heads up.)

@Milek7
Contributor

Milek7 commented May 3, 2021

This is likely 'working as designed'.

I should finish that pubkey PR before next year...

@nielsmh
Contributor

nielsmh commented May 4, 2021

Company passwords are not stored in savegames, that's by design. When you save and reload a game in multiplayer, all companies start out without passwords.

@Sgt-Nukem

Thanks for the heads up 👍 - I believed I had somehow misconfigured the dedicated server.

> Company passwords are not stored in savegames, that's by design. When you save and reload a game in multiplayer, all companies start out without passwords.

I think that is a major problem - it kind of breaks the promise of having the possibility of running a semi-auto dedicated server somewhere in the cloud. (It also kinda subverts the otherwise fantastic save_on_exit feature.)

If there are privacy issues because every client could save their game locally, too (and thus would also get to see their rival's passwords) -- I get that (*).

However, the problem isn't so much that the passwords aren't stored in the savegame - but that the passwords aren't stored anywhere at all (in a non-volatile manner)! I wouldn't mind e.g. when they were stored in ~/.local/openttd/exit.pass (company passwords on exit -- analogue to exit.sav - savegame on exit)

Motivation:

I'm running my own Linux server somewhere on the interwebs and have openttd-dedicated running as a daemon on boot automatically.
Every early morning a cronjob runs that installs security patches for that server and triggers a reboot.
Because of the nice save_on_exit feature and me providing the exit.sav via the -g argument to load it on startup again -- the current multiplayer game state is never lost.

Oh yeah... almost - because now ALL THE COMPANIES OF MY FRIENDS ARE UNPROTECTED and can be mismanaged by trolls!!

This makes a mockery of the save_on_exit feature - it leads its expectations ad absurdum.

I think this needs a fix asap -- I even wouldn't mind a stupid hack like a map in openttd.cfg consisting of
<company_name>: <company_pw>
where I would have to set them manually once.

(*) at least somewhat - it's a made-up password for a virtual company in a video game!

@nielsmh
Contributor

nielsmh commented May 8, 2021

See the discussion in #8420, it's about this exact issue.
The reason for not saving company passwords in the savegame is that then you can't make the savegame available for others without the passwords being near-trivial to extract for anyone to see. The discussion in #8420 is about adding the required cryptographic features needed to eliminate those problems.

@embeddedt
Contributor

@Sgt-Nukem Question: is your concern that your friends will troll each other, or that a random person will find your server and join a company? If it's the latter, you could set a server-wide password as a workaround. This is persisted across restarts.

@TrueBrain
Member

As we did not receive any more reports of this issue, I think a brute-force or a password leak of sorts is the most likely case. As mentioned earlier, we cannot find any issues code-wise that could explain this.

If it resurfaces, and people know how to reproduce, please let us know. But given this was only reported for a short moment in time for a few isolated cases, we have little choice but to assume it was just that: isolated cases. Sorry :(

TrueBrain closed this as not planned Jan 21, 2024