Decrypting Password Encryption -HP ALM Product 11

Decrypting Password Encryption -HP ALM Product 11

Hi All,

It’s been a long time haven’t write any security post but I have come up with a security issue on HP ALM Product 11.

While testing HP ALM Product's latest version I have found that the password encryption used by the Web Application was weak. I was able to break the Password encryption logic.

What is Encryption?

In cryptography, encryption is the process of encrypting messages or information in such a way that only authorized parties can read it.

Below is the explanation for it. Assume, we enter password 111111111111 & 222222222222 and capture the request in BurpSuite. We can see the encrypted password in the below screenshot (Figure 2 & 3):

Breaking the Encryption LogicScreen Shot 2022-03-01 at 12.53.34 PM.jpg

After comparing them, we can conclude that the encryption key.

For Example:

  • For understanding the algorithm let us take a simple password 1234
  • As 1 character of 1234 is 1 the encrypted value of it is
  • 131(Encrypted Key Value for 1stChar) + 1= 132
  • Now we will take 2 characters of 1234 which is 2 the encrypted value of it
  • 157(Encrypted Key Value for 2ndChar)+ 2=159
  • And so on…

Screen Shot 2022-03-01 at 12.54.17 PM.jpg

Below is the screenshot for the analysis: Encyrpted-Value.jpeg Encyrpted-Value-2-.jpeg Breaking-the-Encryption.jpeg

I have reported this issue to HP as responsible disclosure.

Happy Bounty Hunting