EFTP Nonexistent File Request Installation Directory Disclosure
Medium Nessus Plugin ID 11093
SynopsisThe remote FTP server is affected by an information disclosure vulnerability.
DescriptionThe version of EFTP installed on the remote host reveals its installation directory if sent a request for a nonexistent file. An authenticated attacker may leverage this flaw to gain more knowledge about the affected host, such as its filesystem layout.
SolutionUpgrade to version 3.2 or higher, as it has been reported to fix this vulnerability.