Unauthenticated SFTP Server Connection Vulnerability

Unauthenticated SFTP Server Connection Vulnerability

CVE-2021-36370 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.

Learn more about our Cis Benchmark Audit For Print Devices.