Depending on the nature of the S/FTP connection information disclosed, an attacker can mount one or more of the following types of attacks.
- Access the web server or data resources.
- Access password protected administrative mechanisms such as "dashboard", "management console" and "admin panel" potentially leading to full control of the application.