Description: This event is generated when an attempt is made to retrieve a specific file, in this case the system's user database, from an FTP server.
Impact: The attacker may obtain a valid list of user names and/or encrypted passwords from the server.
Corrective: Identify the downloaded file and confirm that it is indeed a valid system password file. Change the user passwords on the system and notify the users. Ensure that FTP access to sensitive system files is not allowed.
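
One way to carry out the first corrective step, as an added example that is not part of the original rule documentation: scan the FTP server's transfer log for downloads of user-database files. It assumes the server writes the wu-ftpd style xferlog format; the watch list, function names and sample log lines are constructed for illustration.

```python
import posixpath

# Assumed watch list of Unix user-database basenames; extend per platform.
SENSITIVE = {"passwd", "shadow", "master.passwd"}

# Constructed sample records in xferlog format (documentation addresses).
SAMPLE = """\
Mon Apr  7 10:15:32 2003 1 192.0.2.10 1523 /etc/passwd a _ o r alice ftp 0 * c
Mon Apr  7 10:16:02 2003 2 192.0.2.10 88211 /pub/readme.txt a _ o a anon@example.org ftp 0 * c
Mon Apr  7 10:17:45 2003 1 198.51.100.7 940 /etc/../etc/shadow- b _ o r bob ftp 0 * i
Mon Apr  7 10:18:03 2003 1 198.51.100.7 1523 /home/bob/passwd a _ i r bob ftp 0 * c
""".splitlines()


def parse_xferlog(line):
    """Parse one xferlog record; return a dict, or None if malformed."""
    tok = line.split()
    # 5 date tokens + transfer-time, host, size, then filename, then 9 fields.
    if len(tok) < 18 or not tok[7].isdigit():
        return None
    tail = tok[-9:]  # type, action flag, direction, access, user, ...
    return {
        "time": " ".join(tok[:5]),
        "host": tok[6],
        "size": int(tok[7]),
        "file": " ".join(tok[8:-9]),  # whatever sits between head and tail
        "direction": tail[2],         # o = download, i = upload, d = delete
        "access": tail[3],            # a = anonymous, g = guest, r = real
        "user": tail[4],
        "status": tail[8],            # c = complete, i = incomplete
    }


def password_file_downloads(lines):
    """Return outgoing transfers whose basename looks like a user database."""
    hits = []
    for line in lines:
        rec = parse_xferlog(line)
        if rec is None or rec["direction"] != "o":
            continue
        # Normalise ../ segments and treat backup copies (passwd-, shadow-) alike.
        path = posixpath.normpath(rec["file"])
        if posixpath.basename(path).rstrip("-").lower() in SENSITIVE:
            hits.append(rec)  # incomplete transfers are kept: data may have leaked
    return hits


if __name__ == "__main__":
    for r in password_file_downloads(SAMPLE):
        print(r["time"], r["host"], r["user"], r["file"], r["status"])
```

Matching is by basename only, so each hit still needs the manual confirmation that the file was a real system password file.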