Manfred Kaiser

**Name of the Vulnerable Software and Affected Versions** MobaXterm versions prior to 22.1 **Description** The issue occurs when aborting a SFTP connection, where a hardcoded password is sent to the server. This can be treated as an invalid login attempt by the server, potentially leading to a Denial of Service (DoS) for the user if services like fail2ban are used. **Recommendations** For versions prior to 22.1, update to version 22.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Dropbear versions through 2020.81 **Description** An issue in the client-side SSH code allows an SSH server to change the login process in its favor due to a non-RFC-compliant check of available authentication methods. This can bypass additional security measures such as FIDO2 tokens or SSH-Askpass, enabling an attacker to abuse a forwarded agent for logging on to another server unnoticed. **Recommendations** For Dropbear versions through 2020.81, update to a version later than 2020.81 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Midnight Commander versions through 4.8.26 **Description** The issue is related to the lack of server fingerprint checking and display in Midnight Commander. This allows a remote attacker to potentially compromise data integrity by connecting to a server without verifying its authenticity. When establishing an SFTP connection, the server's fingerprint is neither checked nor displayed, resulting in the user being unable to verify the server's authenticity. **Recommendations** For Midnight Commander versions through 4.8.26, consider disabling SFTP connections until a patch is available to address the lack of server fingerprint verification. As a temporary workaround, users should manually verify the server's authenticity before establishing a connection.