FTP misconfiguration and Cleartext Protocols
A common mistake with FTP is leaving anonymous login enabled. This will allow anyone to login and see the files and folders on the FTP server. Even if servers do not have the anonymous setting enabled, FTP is a cleartext protocol that can be sniffed for passwords and logins. Any cleartext protocol is susceptible to this sort of sniffing.