Authors Dahmun Goudarzi, Julio Loayza Meneses
Category Cryptography
Tags audit, OSTIF, software, cryptography, paramiko, ssh, 2026
The OSTIF collaborated with Quarkslab to conduct a security audit of Paramiko, a pure-Python implementation of SSHv2 that provides both client- and server-side functionality. Given the sensitivity and importance of the target, the review focused not only on Paramiko itself but also on its dependencies. The assessment covered its interaction with rust-openssl bindings, the use of secure entropy sources, adherence to constant-time requirements, as well as code quality, testing practices, and the CI/CD pipeline, with the goal of identifying opportunities for further hardening.
Introduction
Paramiko is a pure-Python implementation of SSHv2 that provides both client- and server-side functionality. It serves as the foundation for the high-level SSH library Fabric and is widely regarded as one of the most popular SSH solutions in the Python ecosystem.
The Cryptography library, for its part, offers Python developers access to a broad range of cryptographic algorithms and primitives. It is a widely adopted Python/Rust library with more than 25,000 known dependencies.
The engagement between OSTIF, Paramiko, and Quarkslab involved a comprehensive assessment of the Paramiko library, along with a detailed analysis of how Cryptography interacts with the rust-openssl bindings, the reliability of entropy sources, constant-time execution requirements, code quality, testing practices, and the CI/CD pipeline. Recommendations were provided to strengthen each of these areas.
The report describes the steps of the vulnerability research we conducted.
Scope
The Paramiko library is designed to be compact, easy to understand, and limited in functionality to minimize the attack surface. Attacks on SSH implementations are well researched and documented, so OSTIF will direct its efforts towards examining Paramiko’s testing, building, and CI systems. This will lead to sustainable enhancements in the library’s resilience. It will also examine how the Paramiko initiative ensures that its dependencies are properly implemented. Finally, a manual code review will be conducted to verify correctness and that Paramiko is not vulnerable to known attacks from other SSH implementations.
The Cryptography library boasts a vast array of features and functions, encompassing numerous use cases. Despite its extensive attack surface, this is made possible through the integration of OpenSSL (via rust-openssl). As such, evaluating the Cryptography library amounts to examining the proper utilization of rust-openssl’s capabilities, rather than re-examining cryptographic primitives from the ground up. This review of the library should be initially triaged to focus on the use cases that affect Paramiko. All remaining time and resources that are available after the review of the Paramiko use-case should be used in a time-boxed and risk-based approach to evaluate the rest of the Cryptography project.
OpenSSL and rust-openssl themselves are not part of this evaluation, only how they are invoked by Cryptography and Paramiko. If a researcher finds a potential bug in OpenSSL or rust-openssl incidentally during this research, they are free to investigate the issue, report it responsibly and include their findings in the final report. However, this engagement is not a review of OpenSSL nor rust-openssl.
Findings
The table below summarizes the findings of the audit. A total of 30 vulnerabilities were identified: 2 of high severity, 6 of medium severity, 6 of low severity, and 16 informational issues.
| ID | Title | Severity | Perimeter | Fix commit |
|---|---|---|---|---|
| HIGH-21 | Insecure parameters for digital signatures with RSA | High | paramiko/rsakey.py | a448945 |
| HIGH-28 | Insecure key sizes accepted for Triple DES | High | TripleDES in Cryptography | https://github.com/pyca/cryptography/pull/13928 |
| MED-15 | Deprecated group exchange method | Medium | paramiko/kex_gex.py | 9bf5fca |
| MED-16 | Insecure minimum modulus size in Diffie-Hellman group exchange | Medium | paramiko/kex_gex.py | 6fa1556 |
| MED-17 | Deprecated Diffie-Hellman group | Medium | paramiko/kex_group1.py | 9bf5fca |
| MED-18 | Deprecated GSS-API key exchange methods | Medium | paramiko/kex_gss.py | 1ecc933 |
| MED-22 | Use of 8-byte seed for TripleDES key generation | Medium | Encryption | https://github.com/pyca/cryptography/pull/13928 |
| MED-24 | Wrong type usage in SHA-1 in KexGSSGroup1 and KexGSSGroup14 | Medium | paramiko/kex_gss.py | 9bf5fca |
| LOW-1 | CVE impacting black | Low | Development | / |
| LOW-19 | Use of MD5 as a Key Derivation Function | Low | paramiko/pkey.py | acd4bc1 |
| LOW-25 | Invalid Ed25519 signature causes mishandled exception | Low | ed25519key.py | / |
| LOW-27 | Invalid Ed25519 signature causes transport thread to crash | Low | paramiko/ed25519key.py | / |
| LOW-29 | Insecure RSA key size allowed | Low | RSA Keys in Paramiko and Cryptography | / |
| LOW-30 | Server can be instantiated over UDP socket | Low | paramiko/transport.py | / |
Conclusion
Quarkslab was mandated on behalf of OSTIF to perform the first public security audit of Paramiko conducted by an audit firm. Since critical security features of Paramiko involve cryptographic primitives, the scope was expanded to PYCA Cryptography and, more specifically, how Paramiko uses it.
Our work was primarily focused on a detailed, in-depth static analysis, identifying and developing targeted test enhancements, and dynamic testing where possible. We also addressed potential security risks in the CI/CD pipeline to ensure a secure and robust deployment process. During the audit period, we found a few issues, but nothing that raises security concerns for Paramiko or Cryptography.
To date, previously identified vulnerabilities have been reviewed and successfully remediated, reflecting a sustained commitment to improving the security posture and overall resilience of Paramiko.
We truly enjoyed collaborating with the OSTIF and we extend our sincere thanks to Jeff Forcier for his availability, responsiveness, and the constructive discussions that made this collaboration so effective.