[原文]FTP client in Midnight Commander (mc) before 4.5.11 stores usernames and passwords for visited sites in plaintext in the world-readable history file, which allows other local users to gain privileges.
Midnight Commander (mc) contains a flaw that may lead to an unauthorized password exposure. The issue is due to the program storing usernames and passwords for visited sites in the world-readable history file $HOME/.mc in plaintext. It is possible that the flaw could allow a malicious user to gain elevated privileges, which may lead to a loss of confidentiality and/or integrity.
Upgrade to version 4.5.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.