WatchGuard Firebox SOHO contains a flaw that may allow a remote attacker to gain access to the FTP service. The issue is due to the FTP service not requiring a valid user name to log in. This allows an attacker to more easily brute force a valid password without the need of a matching account. If compromised, the firewall configuration and other sensitive information could be downloaded.
Remote / Network Access
Loss of Confidentiality,
Loss of Integrity
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround:
1) Log on to the firewall http management service
2) Select "Firewall Options"
3) Make sure there is a tick next to the field
"Do not allow FTP access to Trusted Network interface"