The remote host is running a version of WS_FTP earlier than 8.8.8. It is, therefore, affected by multiple vulnerabilities: In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only. a path traversal vulnerability in the Web Transfer Module allows a attacker with certain user privilages to craft an API call to that allows them to download a file from an arbitrary folder host's root folder is located Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…Read More