Isira_Adithya

**Name of the Vulnerable Software and Affected Versions** WS FTP Server versions prior to 8.8.9 **Description** The issue is related to an incorrect implementation of the authentication algorithm in the Web Transfer Module, allowing users to bypass the second-factor verification and log in using only their username and password. **Recommendations** For versions prior to 8.8.9, update to version 8.8.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the Web Transfer Module until the update is applied.

**Name of the Vulnerable Software and Affected Versions** WS FTP Server versions prior to 8.8.8 **Description** A missing critical step in the multi-factor authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with `username` and `password` only. **Recommendations** For WS FTP Server versions prior to 8.8.8, update to version 8.8.8 or later to resolve the issue. As a temporary workaround, consider disabling the Web Transfer Module until a patch is available. Restrict access to the module to minimize the risk of exploitation. Avoid relying solely on `username` and `password` for authentication until the issue is resolved.