Before OpenSSH 8.0, SCP could not verify file integrity during transfers, leaving users exposed to unauthorized overwrites and injection attacks if their server was compromised (CVE- 2019-611).