Unrated severityNVD Advisory· Published Aug 30, 2021· Updated Aug 4, 2024
CVE-2021-36370
CVE-2021-36370
Description
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- Midnight Commander/Midnight Commanderdescription
- Range: <=4.8.26
- osv-coords3 versionspkg:rpm/opensuse/mc&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/mc&distro=openSUSE%20Tumbleweedpkg:rpm/suse/mc&distro=SUSE%20Package%20Hub%2015%20SP3
< 4.8.27-bp153.2.3.1+ 2 more
- (no CPE)range: < 4.8.27-bp153.2.3.1
- (no CPE)range: < 4.8.27-1.1
- (no CPE)range: < 4.8.27-bp153.2.3.1
Patches
Vulnerability mechanics
References
6- docs.ssh-mitm.at/CVE-2021-36370.htmlmitrex_refsource_MISC
- github.com/MidnightCommander/mc/blob/5c1d3c55dd15356ec7d079084d904b7b0fd58d3e/src/vfs/sftpfs/connection.cmitrex_refsource_MISC
- github.com/MidnightCommander/mc/blob/master/src/vfs/sftpfs/connection.cmitrex_refsource_MISC
- mail.gnome.org/archives/mc-devel/2021-August/msg00008.htmlmitrex_refsource_MISC
- midnight-commander.orgmitrex_refsource_MISC
- sourceforge.net/projects/mcwin32/files/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.