id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	blockedby	blocking	branch_state	votes
4259	SFTPFS does not verify server fingerprint (CVE-2021-36370)	andrew_b	andrew_b	"Midnight Commander does not verify the ssh server fingerprint when a sftp connection is established.

In the source code, the fingerprint is caclulated, but the verification step is missing.
"	defect	closed	major	4.8.27	mc-vfs	master	fixed					merged	committed-master