Message-ID: <a62846e5-2943-4c17-81da-aab453f3e1e7@oracle.com>
Date: Tue, 5 May 2026 14:53:16 -0700
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com
Subject: Security audit of Paramiko completed, fixes coming in 5.0 release
https://ostif.org/paramiko-audit-complete/ announces:
> The Open Source Technology Improvement Fund is proud to share the results
> of our security audit of Paramiko. Paramiko is an open source Python
> implementation of the SSHv2 protocol designed for secure remote login and
> other secure network services. Thanks to the help of Quarkslab and
> Alpha-Omega, this project received custom security work reviewing
> Paramiko’s testing, building and CI systems, and cryptography.
>
> Audit Process:
>
> The engagement took place in November 2025, with Quarkslab’s audit team
> executing the mission on Paramiko’s testing, building, and CI systems.
> In order to effectively execute this work on critical security features
> of Paramiko, the scope was expanded to include PYCA Cryptography and how
> it interacts with Paramiko critical cryptographic functions, (PYCA)
> Cryptography’s OpenSSL Rust Bindings, and CI/CD CircleCI for Paramiko
> and Github Actions for (PYCA) Cryptography. For Paramiko the engagement
> consisted of manual code review, dependencies review, dynamic testing,
> build systems, testing enhancements, static analysis, and fuzz testing.
>
> Audit Results:
>
> * 30 Findings with Security Impact
> - 2 High
> - 7 Medium
> - 5 Low
> - 16 Informational
> * Build and CI/CD Pipeline Review
> * Testing Enhancements
> - Implementation of a crypto-condor plug-in to incorporate in the CI
> for cryptographic compliance and testing of entropy sources
> - Review of current testing coverage
> * SSH RFC compliance review
>
> The project maintainer worked diligently to address and resolve the issues
> presented by this report, engaging with the audit team to design fix
> solutions aligned with security best practices. Update to the most recent
> release of Paramiko (version 5.0 will release early May 2026) and follow
> documentation in order to take advantage of the hard work of the individuals
> behind Paramiko and Quarkslab. If you’re interested in contributing to
> Paramiko, learn more about them and their community on their website:
> https://www.paramiko.org/ .
>
> Thank you to the individuals and groups that made this engagement possible:
>
> * Paramiko maintainers and community, especially: Jeff Forcier
> * Quarkslab: Dahmun Goudarzi, Julio Loayza Meneses, Alan Marrec, and
> Pauline Sauder
> * Alpha-Omega
>
> You can read the Audit Report at
> https://ostif.org/wp-content/uploads/2026/05/25-11-2415-REP_paramiko-security-audit_v1.1.pdf
>
> Everyone around the world depends on open source software. If you’re interested
> in financially supporting this critical work, reach out to contactus@...if.org.
The findings listed in the audit report at higher than "Informational" are:
> HIGH-21 Insecure parameters for digital signatures with RSA
> HIGH-28 Insecure key sizes accepted for Triple DES [in Cryptography]
> MEDIUM-15 Deprecated group exchange method
> MEDIUM-16 Insecure minimum modulus size in Diffie-Hellman group exchange
> MEDIUM-17 Deprecated Diffie-Hellman group
> MEDIUM-18 Deprecated GSS-API key exchange methods
> MEDIUM-22 Use of 8-byte seed for TripleDES key generation
> MEDIUM-24 Wrong type usage in SHA-1 in KexGSSGroup1 and KexGSSGroup14
> LOW-1 CVE impacting black
> LOW-19 Use of MD5 as a Key Derivation Function
> LOW-25 Invalid Ed25519 signature causes mishandled exception
> LOW-27 Invalid Ed25519 signature causes transport thread to crash
> LOW-29 Insecure RSA key size allowed RSA Keys in Paramiko and Cryptography
> LOW-30 Server can be instantiated over UDP socket
with these recommendations to resolve them:
> HIGH-21 Remove support for RSA with SHA-1.
> HIGH-28 Reject key sizes that are not 24 bytes.
> MEDIUM-15 Remove support for diffie-hellman-group-exchange-sha1.
> MEDIUM-16 Increase the minimum modulus size to 2048 bits.
> MEDIUM-17 Remove support for diffie-hellman-group1-sha1.
> MEDIUM-18 Remove the deprecated key exchange methods, replacing them with RFC
> 8732 additions.
> MEDIUM-22 Reject 8-byte input for the key initialization of Triple DES.
> MEDIUM-24 Change str(hm) to hm.asbytes() in KexGSSGroup1.
> LOW-1 Update black to version 24.3.0.
> LOW-19 Warn when using this format, recommend the user to save their keys in
> PKCS8 or OpenSSH format instead.
> LOW-25 Either check the length of the signature before calling verify() or handle
> the exception.
> LOW-27 Handle the exception: either catch the nacl.exception.ValueError exception
> or check that the signature has the correct length before calling verify().
> LOW-29 Reject RSA keys that are shorter than 2048 bits.
> LOW-30 Add a check in Transport.__init__() to verify that sock is a TCP socket.
--
-Alan Coopersmith- alan.coopersmith@...cle.com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
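As an added illustration (not part of this message, of the OSTIF announcement, or of Paramiko's own code), the following standard-library Python sketch shows the shape of the input checks the quoted recommendations describe: a TCP-socket check for the transport (LOW-30), minimum RSA and Diffie-Hellman group-exchange sizes (LOW-29, MEDIUM-16), rejection of non-24-byte Triple DES keys (HIGH-28, MEDIUM-22), pruning of deprecated key-exchange and signature algorithm names (MEDIUM-15, MEDIUM-17, HIGH-21), and an Ed25519 verify wrapper that length-checks the signature and contains the verifier's exception (LOW-25, LOW-27). All function names, the thresholds as coded, the use of `ssh-rsa` as the name of the SHA-1 RSA signature algorithm, and the `verify_fn` callable are assumptions made for this example; the sample inputs in the demo are constructed.

```python
"""Defensive checks modelled on the Paramiko audit recommendations.

Added example, not Paramiko's or the audit's code. Function names, the
exact thresholds and the shape of each check are assumptions for illustration;
only the Python standard library is used.
"""
import socket

# Limits taken from the recommendations (HIGH-28/MEDIUM-22, MEDIUM-16, LOW-29).
TRIPLE_DES_KEY_LEN = 24          # bytes; 8- and 16-byte inputs are rejected
MIN_RSA_BITS = 2048              # LOW-29
MIN_DH_GEX_MODULUS_BITS = 2048   # MEDIUM-16
ED25519_SIG_LEN = 64             # bytes; Ed25519 signatures are fixed-size

# Algorithm names the audit recommends dropping (MEDIUM-15, MEDIUM-17).
DEPRECATED_KEX = frozenset({
    "diffie-hellman-group1-sha1",
    "diffie-hellman-group-exchange-sha1",
})
# Assumption: "ssh-rsa" is the SHA-1 RSA signature name to drop (HIGH-21);
# the rsa-sha2-* names stay.
DEPRECATED_SIG = frozenset({"ssh-rsa"})


def check_tcp_socket(sock):
    """LOW-30: accept only a stream (TCP) socket for the transport."""
    if not isinstance(sock, socket.socket) or sock.type != socket.SOCK_STREAM:
        raise TypeError("transport requires a TCP (SOCK_STREAM) socket")
    return True


def check_rsa_key_bits(modulus_bits):
    """LOW-29: reject RSA keys shorter than 2048 bits."""
    if modulus_bits < MIN_RSA_BITS:
        raise ValueError(
            f"RSA modulus of {modulus_bits} bits is below the {MIN_RSA_BITS}-bit minimum")
    return modulus_bits


def clamp_dh_gex_min(requested_min_bits):
    """MEDIUM-16: never request a group-exchange modulus below 2048 bits."""
    return max(requested_min_bits, MIN_DH_GEX_MODULUS_BITS)


def check_triple_des_key(key):
    """HIGH-28 / MEDIUM-22: only a full 24-byte key is accepted, no seed expansion."""
    if len(key) != TRIPLE_DES_KEY_LEN:
        raise ValueError(
            f"Triple DES key must be {TRIPLE_DES_KEY_LEN} bytes, got {len(key)}")
    return key


def prune_algorithms(preferred, deprecated):
    """HIGH-21 / MEDIUM-15 / MEDIUM-17: drop deprecated names, keeping preference order."""
    return [name for name in preferred if name not in deprecated]


def safe_ed25519_verify(verify_fn, signature, message, exc_types=(ValueError,)):
    """LOW-25 / LOW-27: length-check the signature, then contain the verifier's
    exception so a malformed signature yields False instead of an unhandled
    exception in the transport thread.

    verify_fn(signature, message) is an assumed callable that raises one of
    exc_types on a bad signature; a real caller adds its backend's
    bad-signature exception class to exc_types.
    """
    if len(signature) != ED25519_SIG_LEN:
        return False
    try:
        verify_fn(signature, message)
    except exc_types:
        return False
    return True


if __name__ == "__main__":
    # Constructed demo inputs; the fake verifier stands in for a real backend.
    good_sig = b"\x01" * ED25519_SIG_LEN

    def fake_verify(sig, msg):
        if sig != good_sig:
            raise ValueError("bad signature")

    print(safe_ed25519_verify(fake_verify, good_sig, b"m"))      # True
    print(safe_ed25519_verify(fake_verify, b"\x00" * 3, b"m"))   # False (short)
    print(clamp_dh_gex_min(1024))                                # 2048
    print(prune_algorithms(["rsa-sha2-512", "ssh-rsa"], DEPRECATED_SIG))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        try:
            check_tcp_socket(udp)
        except TypeError as e:
            print("rejected:", e)
```

The wrapper deliberately returns False rather than re-raising: in a transport thread an uncaught exception ends the session for every channel on it, whereas a verification failure is a normal protocol outcome the caller already has to handle.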