Windows NT FTP Server (WFTP) Error Message Server Path Disclosure
Remote / Network Access
Loss of Confidentiality
WFTPD and WFTPD Pro contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user types %C during a remote ftp session, which returns an error message disclosing the physical path of the directory resulting in a loss of confidentiality.
Upgrade to version 2.41 RC13 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.