[原文]NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list.
NcFTP Client contains a flaw that may allow a malicious user to see other users' passwords using "ps". The issue is triggered anytime the NcFTP client is used with a FTP URL. It is possible that the flaw may allow passwords to be exposed resulting in a loss of confidentiality.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Supply all user credentials in interactive mode.