It has been a long time since I wrote a security post, but I have come across a security issue in HP ALM Product 11.
While testing the latest version of the HP ALM product, I found that the password encryption used by the web application was weak. I was able to break the password encryption logic.
What is Encryption?
In cryptography, encryption is the process of encoding messages or information in such a way that only authorized parties can read it.
Below is the explanation. Assume we enter the passwords 111111111111 and 222222222222 and capture each request in Burp Suite. The encrypted passwords are shown in the screenshots below (Figures 2 and 3):
Breaking the Encryption Logic
After comparing them, we can conclude that the encryption key.
- To understand the algorithm, let us take a simple password, 1234.
- The 1st character of 1234 is 1, so its encrypted value is:
- 131 (encrypted key value for the 1st character) + 1 = 132
- Next, the 2nd character of 1234 is 2, so its encrypted value is:
- 157 (encrypted key value for the 2nd character) + 2 = 159
- And so on…
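The per-position addition described above, as an added Python example (not code from HP ALM or from the original post). It assumes digit-only passwords whose characters contribute their numeric value, as in 131 + 1 = 132; only the key values 131 and 157 come from the post, the other two are constructed, and all function names are hypothetical.

```python
# Added illustration; not HP ALM code. Models the scheme as the post describes it:
# encoded value at position i = fixed key value for position i + digit at position i.

# 131 and 157 are the key values given in the post for positions 1 and 2;
# the remaining two values are constructed placeholders for this example.
KEY = [131, 157, 90, 44]


def encode(password, key=KEY):
    """Position-wise additive encoding of a digit-only password."""
    if not (password.isascii() and password.isdigit()) or len(password) > len(key):
        raise ValueError("model covers ASCII digit passwords up to len(key)")
    return [k + int(ch) for k, ch in zip(key, password)]


def recover_key(known_password, observed):
    """Subtract a known password from its encoded form to expose the key."""
    return [c - int(ch) for c, ch in zip(observed, known_password)]


def is_fixed_additive(pairs):
    """True if every (password, encoded) pair yields the same per-position key,
    i.e. the encoding has no salt, nonce or session-dependent input."""
    keys = [recover_key(p, c) for p, c in pairs]
    return all(k == keys[0] for k in keys)


def decode(observed, key):
    """Reverse the encoding once the key is known."""
    return "".join(str(c - k) for c, k in zip(observed, key))


if __name__ == "__main__":
    # Constructed sample: two chosen passwords, mirroring the 111.../222... comparison.
    pairs = [(p, encode(p)) for p in ("1111", "2222")]
    print("same key for both inputs:", is_fixed_additive(pairs))
    key = recover_key(*pairs[0])
    print("1234 encodes to:", encode("1234"))
    print("decoded with recovered key:", decode(encode("1234"), key))
```

Because the key is identical for every input, the value sent in the request is an encoding rather than encryption: anyone who can observe it can reverse it.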
Below is the screenshot for the analysis:
I have reported this issue to HP under responsible disclosure.
Happy Bounty Hunting