An issue was discovered in SmartFoxServer 2.17.0. Cleartext password disclosure can occur via /config/server.xml.
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5627.php
https://www.zeroscience.mk/en/vulnerabilities/
https://www.smartfoxserver.com/
http://packetstormsecurity.com/files/161337/SmartFoxServer-2X-2.17.0-Credential-Disclosure.html