Security Question

Good morning, I am writing to you, as indicated in the product safety documentation, since we have undergone one of the usual pentesting audits in the company network and by the auditor or pentester we are reported a security problem based In the following evidence:

Obtained after a simple scan of the network with the Nmap tool without more techniques or discovery vectors.

After reviewing multiple product documentation, I have not seen in any of them that it was possible to give the situation that is evident, with the use of the port 2020 on the one hand and on the other with obtaining sessions "cached" or existing in the Machine from where the connections are made, which was where I detected this circumstance, so I need your help to understand what it has really been able to happen, if the product somehow caches the sessions or if still despite Of being described in the documentation that the communications are encrypted with strong and safe algorithms, there is some data breach or 0Day, that is being able to produce.

We have also considered the possibility that the reading that has been shown could be obtained from some element of network communication that is caching the connections (switch with defective configurations, etc.), but it is not justified if the traffic is encrypted point by point That can be intercepted in clear with a simple scanning of ports.

I thank you for any help or support you can give us with this issue that concerns us, as it makes us question the ideoneidad of your tool for the security conditions demanded in our network.

Awaiting your comments.