A vulnerability has been reported in some versions of the Quake II server.
While variable expansion is normally performed on the client side, a modified client may pass unexpanded variables such as $rcon_password to the server. The server will expand these variables within it's local context, potentially leaking sensitive information to the remote attacker.
Exploit: Redix has contributed exploit details:
you must modify your q2 client, that the client will not replace the $... variables in says
change the line
Cmd_TokenizeString (text, true);
Cmd_TokenizeString( text, false);