WinFTP Server user.wfd Cleartext Authentication Credential Disclosure
Local Access Required
Loss of Confidentiality
WinFTP Server contains a flaw that may lead to an unauthorized information disclosure. The problem is that user credentials are stored in plaintext in the "data\user.wfd" file that is readable by all local users on the system, which will disclose sensitive information resulting in a loss of confidentiality.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround:
Grant only trusted users access to affected systems.