Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-36370 - log back

CVE-2021-36370 edited at 31 Aug 2021 08:00:23

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Insufficient validation

Description

+	An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.

References

+	https://midnight-commander.org/ticket/4259
+	https://github.com/MidnightCommander/mc/commit/9235d3c232d13ad7f973346077c9cf2eaa77dc5f

Notes

CVE-2021-36370 created at 31 Aug 2021 07:56:00