Serious FTP security flaw

The Public folder is set with FTP service running. Within the Folder Share Permissions page, it’s Public Access is NOT enabled. Within same page, it’s access is granted for no group/no user.

Any file is then accessible with anonymous FTP browser syntax.

Example: let say you put a file test.txt in your Public folder, then anyone on earth can access it by entering this line into it’s browser:

ftp://your.IP.address/Public/test.txt

Pay ATTENTION, your private data are just publicly available with WDSharespace running FTP server service.

Edit: firmware version 2.02.93

If you’re the very first one to ever post or notice this since the SS was released over 2 years ago then it’s only working for you and you should have your SS checked or replaced.

Investigations are under way at WD labs. Seems a serious issue.

A serious issue that only you seem to have. 

If you don’t have this security problem then fine, but I think it’s worth for people to check it nevertheless (and WD sharespace users are mostly non specialist consumers).

WD just acknowledged it. They told me that the WD Sharespace is not made for *advanced* FTP traffic.

So guys be warned. Securing your data is advanced stuff not fullfield by WD Sharespace. Now I’m looking forward to getting a fix or I will definitely consider this as deceiving the consumer.

End of the story. The guys at WD don’t even know how to fix it - or just don’t care. Their last answer was:

“Sorry, we don’t offer any support for running the Sharespace with FTP service”.

Anyway, I already gave up with the Sharespace and WD and went towards Synology. Good luck for you guys and take care.