Easily fixed
Instead of verifying the fingerprint, Milhouse sends a nonce encrypted under Bart's (actually Nelson's) public key. If Bart were legit, he would perform a simple operation on the nonce, re-encrypt it with Milhouse's public key and send it back to him, thereby verifying that he holds his (Nelson's) private key.
The vulnerability is an old one. Bart can't read Nelson's stuff because he doesn't have Nelson's private key. So instead of just verifying a fingerprint, verify the existence of the private key. Kerberos does this (Needham-Schroeder protocol).
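The challenge-response described in the comment above, as an added example that is not part of the original post: a responder passes only if it holds the private key matching the advertised public key. It assumes toy textbook RSA built from constructed Mersenne-prime keys, `+1` as the "simple operation", and hypothetical names (`Responder`, `verify_possession`, `demo`).

```python
# Added example: toy textbook RSA (no padding, small constructed keys) to show the flow only.
import secrets

E = 65537

def keypair(p, q):
    """Return (public, private) textbook-RSA keys built from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)

def rsa(key, m):
    """Textbook RSA: encrypt with a public key or decrypt with a private key."""
    n, exp = key
    return pow(m, exp, n)

class Responder:
    """A peer that answers challenges with whatever private key it really holds."""
    def __init__(self, private_key):
        self.private_key = private_key

    def answer(self, challenge, challenger_public):
        nonce = rsa(self.private_key, challenge)   # correct only with the matching key
        return rsa(challenger_public, nonce + 1)   # assumed "simple operation": +1

def verify_possession(advertised_public, responder, my_public, my_private):
    """Challenger's side: does the peer hold the private half of advertised_public?"""
    # Fresh 64-bit nonce per run; top bit set so it is never RSA's fixed points 0 or 1.
    nonce = secrets.randbits(63) + 2**63
    challenge = rsa(advertised_public, nonce)
    reply = responder.answer(challenge, my_public)
    return rsa(my_private, reply) == nonce + 1

# Constructed keys (Mersenne primes), for illustration only.
MILHOUSE_PUB, MILHOUSE_PRIV = keypair(2**107 - 1, 2**127 - 1)
NELSON_PUB, NELSON_PRIV = keypair(2**61 - 1, 2**89 - 1)
_, BART_PRIV = keypair(2**31 - 1, 2**521 - 1)

def demo():
    """Nelson's key is advertised; one peer holds its private half, one does not."""
    genuine = verify_possession(NELSON_PUB, Responder(NELSON_PRIV), MILHOUSE_PUB, MILHOUSE_PRIV)
    impostor = verify_possession(NELSON_PUB, Responder(BART_PRIV), MILHOUSE_PUB, MILHOUSE_PRIV)
    return genuine, impostor

if __name__ == "__main__":
    print(demo())
```

The check proves possession of the private key for the advertised public key; it does not by itself show whose key that is, so it complements binding the key to an identity rather than replacing it.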