Enabling FXP(.RVL) support can make a server vulnerable to an exploit known as FTP bounce.
As a result of this, FTP server software often has FXP disabled by default.
Some FTP Servers such as glFTPd, cuftpd, RaidenFTPD, drftpd, and wzdftpd support negotiation of a secure data channel between two servers using either of the FTP protocol extension commands; CPSV or SSCN.
However, both methods—CPSV and SSCN—may be susceptible to man-in-the-middle attacks, if the two FTP servers do not verify each other's SSL certificates.
SSCN was first introduced by RaidenFTPD and SmartFTP in 2003 and has been widely[citation needed] adopted.[when?]