Decrypting Password Encryption -HP ALM Product 11

Hi All,

It’s been long time haven’t write any security post but i have come up with security issue on HP ALM Product 11.
While testing HP ALM Product latest version I have found that the password encryption used by the Web Application was weak. I was able to break the Password encryption logic.

What is Encryption ?
In cryptography, encryption is the process of encrypting messages or information in such a way that only authorized parties can read it.

Below is the explanation for it.

Assume, we enter password 111111111111 & 222222222222 and capture the request in BurpSuite.
We can see the encrypted password in the below screenshot (Figure 2 & 3):

Breaking the Encryption Logic

	1st Char	2nd Char	3rd Char	4th Char	5th Char	6th Char	7th Char	8th Char	9th Char	10th Char	11th Char	12th Char
Password is 111111111111	132	158	160	157	156	146	136	146	164	121	150	163
Password is 222222222222	133	159	161	158	157	147	137	147	165	122	151	164
Encryption Key	131	157	159	156	155	145	135	145	163	120	149	162

 

After comparing them, we can conclude that the encryption key.

For Example:

• For understanding the algorithm let us take a simple password 1234
• As 1 character of the 1234 is 1 the encrypted value of it is
• 131(Encrypted Key Value for 1stChar) + 1= 132
• Now we will take 2 character of 1234 which is 2 the encrypted value of it
• 157(Encrypted Key Value for 2stChar)+ 2=159

And so on…

Password	1	2	3	4
Encryption Key	131	157	159	156
Encryption Logic	131+1	157+2	159+3	156+4
Encrypted Value	132	159	162	160

Below is the screenshot for the analysis:

[caption id=“attachment_90” align=“aligncenter” width=“681”]

Breaking the Encryption[/caption]

I have reported this issue to HP as responsible disclosure.

Happy Bounty Hunting