A Heartbleed-style memory bug in Squid’s FTP parser let attackers overread memory and steal creds and tokens for decades.