GEN:SID 1:1166
Message WEB-MISC ws_ftp.ini access
Summary This event is generated when an attempt is made to download the file ws_ftp.ini
via a web request.
Impact Serious. Information Disclosure.
Detailed Information When a user of WS_FTP chooses "save password" when connecting to an FTP
server, the password is stored in the file ws_ftp.ini which may be
accessible via a web server. The stored passwords use a weak encryption
scheme that is easy broken.
Affected Systems  
Attack Scenarios An attacker might be able to retrieve the file, use one of the widely
available password cracking tools and gain valid login information to
the server.
Ease of Attack Simple.
Corrective Action Check the host for signs of compromise.

Change all passwords used on the host.

Disallow the use of ftp on the server, consider the use of scp to
transfer files.
Additional References  
Rule References bugtraq: 547
cve: 1999-1078