Plugin pre2008/ws_ftp_client_weak_stored_pass.nasl, OID 220.127.116.11.4.1.25618.104.22.16897, is flagging Progress WS_FTP Professional 12.8.7 as vulnerable because its version is less than 2007.0.0.2. Yet it says the fixed version is 12.6, which is less than 12.8.7, which is the latest version available in the 12.x sequence.
The plugin contains this code:
report = report_fixed_ver(installed_version:ftpVer, fixed_version:“12.6”, install_path:loc);
The plugin reports this:
The remote host has a version of the WS_FTP client which use a weak encryption method to store site password.
Upgrade to the newest version of the WS_FTP client.
Installed version: 12.8.7
Fixed version: 12.6
Installation path / port: C:\Program Files (x86)\Ipswitch\WS_FTP 12
WS_FTP Professional has what appear to be two separate version number sequences: 12.x, and 200x. The plugin should distinguish between the two sequences.
See the versions available here: https://docs.ipswitch.com/en/ws_ftp-professional.html