Attackers could have intercepted connections established with the Midnight Commander file manager. The vulnerable feature was introduced nine years ago. A security patch is now available.
Eavesdropping on connections
According to a mailing list post, the vulnerability (CVE-2021-36370) was discovered in the SFTP VFS component during an audit of the software. The audit found that the fingerprints of remote hosts are calculated but not checked.
As a result, an unauthenticated attacker could eavesdrop on connections as a man in the middle. How this works in detail is not yet known. A severity rating for the vulnerability is still pending.
According to a post by the Midnight Commander developers, the SFTP VFS feature was introduced nine years ago in version 4.8.4. This suggests that the software has been vulnerable ever since. It is unclear whether attacks have already taken place. Version 4.8.27, which is secured against the flaw, has now been released. According to the entries in the changelog, the developers have also fixed several bugs and optimized the functionality.
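The following added example (not code from Midnight Commander, which is written in C, and not from the original article) models the reported pattern of a host key fingerprint that is calculated but never compared, next to a check against pinned known_hosts entries. All function names, the host name and the key blobs are hypothetical and constructed for illustration; hashed and marker-prefixed known_hosts lines are skipped.

```python
import base64
import hashlib

def fingerprint(key_blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint of a raw public host key blob."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text: str) -> dict:
    """Map (host, key_type) -> set of pinned fingerprints (plain entries only)."""
    pinned = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "@", "|")):
            continue  # skip comments, markers and hashed host names
        fields = line.split()
        if len(fields) < 3:
            continue
        hosts, key_type, b64 = fields[:3]
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue  # malformed key field: ignore the entry
        for host in hosts.split(","):
            pinned.setdefault((host, key_type), set()).add(fingerprint(blob))
    return pinned

def check_host_key(pinned, host, key_type, presented_blob) -> str:
    """Return 'match', 'mismatch' (host pinned, key differs) or 'unknown'."""
    known = pinned.get((host, key_type))
    if known is None:
        return "unknown"
    return "match" if fingerprint(presented_blob) in known else "mismatch"

def connect_unchecked(pinned, host, key_type, presented_blob) -> bool:
    fingerprint(presented_blob)  # calculated, but the result is never compared
    return True                  # session continues whatever key was presented

def connect_checked(pinned, host, key_type, presented_blob) -> bool:
    # Proceed only when the presented key matches a pinned entry.
    return check_host_key(pinned, host, key_type, presented_blob) == "match"

# Constructed sample data: these are not real host keys.
_PREFIX = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20"
PINNED_BLOB = _PREFIX + bytes(range(32))
OTHER_BLOB = _PREFIX + bytes(range(32, 64))
KNOWN_HOSTS = ("files.example.test ssh-ed25519 "
               + base64.b64encode(PINNED_BLOB).decode() + "\n")
```

With the constructed data, `connect_unchecked` accepts `OTHER_BLOB` for `files.example.test`, while `connect_checked` rejects it and also rejects hosts that have no pinned entry.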