Here is something interesting that Microsoft consistently failed to fix and apparently, they don�t consider this a problem. http://blog.washingtonpost.com/securityfix/2007/08/ftp_files_expose_web_site_cred.html
Note that the issue outlined also affects HTTP/HTTPS functionality as it will disclose original the source of saved files. A quick Google search yielded a couple of FTP passwords, a number of Intranet sites, localhosts, e-mail pages (with potential access further), account setup information, etc. Thank you Microsoft! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
