Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN) before 1.6.4 allows remote attackers to obtain attributes of arbitrary accounts, including the password hash, via certain statsreq packets.
https://exchange.xforce.ibmcloud.com/vulnerabilities/17094
http://www.securityfocus.com/bid/11035
http://securitytracker.com/id?1011050