H3-2020-0005

Anonymous FTP Enabled

Description

Anonymous FTP is enabled on the remote FTP server. When anonymous FTP is enabled, any remote user can connect to the FTP server without providing a password or unique credentials. An attacker would simply need to use "anonymous" as the username and often a blank password to gain access to the server.

Impact

An attacker exploiting this misconfiguration can access and potentially download, upload, or alter files available on the FTP server without authorization. This could lead to unauthorized access to sensitive data or disruption of services.

References

• CWE-284: Improper Access Control
• MITRE ATT&CK Technique: T1021: Remote Services