I have not heard of this before. Are you certain it is the firewall that is using the incorrect password and getting the user locked out? Perhaps it's another device doing this?
Does the firewall have any other scheduled jobs or backups that might be locking out the user?
Logs from the remote server show that it is only the firewalls making a call to the ftp user in question and at the expected times. Logs also show that the first firewall connects and completes its backup successfully at 0600, but when the second firewall attempts its backup at 0615 the operation fails with 'failed password' and 'failed login' messages. Sendmail then issues mail that confirms an incorrect password attempt with 'permission denied' messages. Resetting the ftp account then allows the scheduled backup to run on both firewalls without any changes so I'm confident that there is no discrepancy in the passwords stored on either of the firewalls.
Struggling to pin down what could possibly change in the space of 15 minutes!
There are a number of other processes running on the ftp server simultaneously but nothing else to the same ftp user. Pretty certain that the server is not low on resource and impacting the ftp user for some reason but as a test I have moved the 0615 backup earlier to when the server is quieter......guesswork mostly.