NASA neglected to secure some key systems:
The audit uncovered other servers that exposed encryption keys, encrypted passwords and user-account information, all of which would allow attackers to gain unauthorized network access. The information could have been used to target personnel with phishing attacks and or emails containing malware.
The audit was focused on only mission-critical systems and did not assess the broader agency-wide network or systems that weren’t connect to the Internet.
One server was found to be vulnerable to FTP-bounce attacks, according to the report. Attackers exploit the FTP protocol in a man-in-the-middle-style attack to request access to a network port. This technique can be used to port scan hosts or access specific ports not directly accessible.