It is possible, but it depends on what kind of server.
I know there is a security vulnerability in SRCDS where you can obtain the server.cfg file while connecting, and therefor read the config for the rcon password. Of course, if the server owner knows what they are doing, that wont work.
Unfortunately, I do not know how to do this.