Key exchange without entity authentication
Description
The application ignores SSH host keys, which are what let a client verify that the server it is connecting to is the one it expects. By ignoring host keys, the client has no way to validate that the connection is to a trusted host.
Examples
Insecure Code

```python
import paramiko

# AutoAddPolicy accepts any host key it has not seen before, so the
# server's identity is never checked on first contact.
paramiko.SSHClient().set_missing_host_key_policy(paramiko.client.AutoAddPolicy())
```

Secure Code

```python
import paramiko

with paramiko.SSHClient() as ssh:
    # Load the known good host keys; with no missing-host-key policy set,
    # paramiko's default (RejectPolicy) refuses hosts that are not listed.
    ssh.load_system_host_keys('/home/appuser/.ssh/known_hosts')
    ssh.connect(hostname='example.org', port=22, username='appuser', key_filename='/home/appuser/.ssh/private_key')
```
Remove the call to `set_missing_host_key_policy(...)` and load known host keys with either `load_system_host_keys` or `load_host_keys`, so that only known good hosts are accepted.
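To make the description and the remediation concrete, the following added example (not paramiko's code and not part of this rule page) shows what the known_hosts check the secure snippet relies on actually does: it parses OpenSSH `known_hosts` lines (plain and `|1|salt|hash` hashed host names), compares the key a server presents against the recorded one, and contrasts a reject-unknown policy with the auto-add behaviour the insecure snippet opts into. All host names, the salt and both "keys" are constructed sample data; the assumption that a changed key is refused regardless of the missing-host-key policy mirrors paramiko's behaviour as the author of this example understands it.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire 'string' (uint32 length prefix)."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_blob(raw_public_key: bytes) -> str:
    """Build the base64 key blob as it appears in known_hosts.

    The 32-byte input is constructed sample data, not a real key.
    """
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw_public_key)
    return base64.b64encode(blob).decode("ascii")


def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style fingerprint: SHA256 of the blob, base64 without padding."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def hash_hostname(hostname: str, salt: bytes) -> str:
    """Produce the '|1|salt|hash' form OpenSSH writes with HashKnownHosts."""
    mac = hmac.new(salt, hostname.encode("utf-8"), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode("ascii"),
                            base64.b64encode(mac).decode("ascii"))


def host_matches(host_field: str, hostname: str) -> bool:
    """Match a hostname against one known_hosts host field (plain or hashed)."""
    if host_field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = host_field.split("|")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(mac_b64)
        actual = hmac.new(salt, hostname.encode("utf-8"), hashlib.sha1).digest()
        return hmac.compare_digest(expected, actual)
    return hostname in host_field.split(",")


def parse_known_hosts(text: str):
    """Yield (host_field, key_type, key_blob_b64) for each usable line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        yield parts[0], parts[1], parts[2]


def check_host_key(known_hosts_text: str, hostname: str,
                   key_type: str, presented_b64: str) -> str:
    """Return 'ok', 'mismatch' (known host, different key) or 'unknown'."""
    status = "unknown"
    for host_field, ktype, blob in parse_known_hosts(known_hosts_text):
        if ktype != key_type or not host_matches(host_field, hostname):
            continue
        if hmac.compare_digest(blob, presented_b64):
            return "ok"
        status = "mismatch"
    return status


def may_connect(policy: str, status: str) -> bool:
    """Decide whether the handshake proceeds.

    'reject' is the behaviour when no missing-host-key policy is set;
    'auto-add' accepts any unknown key, which is what the insecure snippet
    chooses. A changed key for a known host is assumed to be refused by both.
    """
    if status == "ok":
        return True
    if status == "mismatch":
        return False
    return policy == "auto-add"


# Constructed sample data: two fake keys and a small known_hosts file.
KEY_A = make_ed25519_blob(bytes(range(32)))
KEY_B = make_ed25519_blob(bytes(range(32, 64)))
SALT = b"\x01" * 20
KNOWN_HOSTS = "\n".join([
    "# constructed example, not real host keys",
    "example.org,203.0.113.10 ssh-ed25519 " + KEY_A,
    hash_hostname("backup.example.org", SALT) + " ssh-ed25519 " + KEY_B,
])

if __name__ == "__main__":
    for host, key in [("example.org", KEY_A), ("example.org", KEY_B),
                      ("backup.example.org", KEY_B), ("rogue.example.org", KEY_A)]:
        status = check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key)
        print(host, fingerprint(key), status,
              "reject:", may_connect("reject", status),
              "auto-add:", may_connect("auto-add", status))
```

The point the table of decisions makes is that the two policies differ only for hosts with no recorded key: with auto-add, the very first connection to any host succeeds against whatever key is presented, and that key is then trusted from that point on, which is exactly the check the rule expects the application to keep.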
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0163 |
| Category | Auth |
| Severity | MEDIUM |
| CWE | CWE-322 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | ssh, host keys |
| OWASP | A5:2017-Broken Access Control, A07:2021-Identification and Authentication Failures |