An issue exists in Midnight Commander up to and including 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
midnight-commander midnight commander |