Decrypting Password Encryption -HP ALM Product 11

Hi All,

It’s been long time haven’t write any security post but i have come up with security issue on HP ALM Product 11.
While testing HP ALM Product latest version I have found that the password encryption used by the Web Application was weak. I was able to break the Password encryption logic.

What is Encryption ?
In cryptography, encryption is the process of encrypting messages or information in such a way that only authorized parties can read it.

Below is the explanation for it.

Assume, we enter password 111111111111 & 222222222222 and capture the request in BurpSuite.
We can see the encrypted password in the below screenshot (Figure 2 & 3):

Breaking the Encryption Logic

 1st Char2nd Char3rd Char4th Char5th Char6th Char7th Char8th Char9th Char10th Char11th Char12th Char
Password is 111111111111132158160157156146136146164121150163
Password is 222222222222133159161158157147137147165122151164
Encryption Key131157159156155145135145163120149162


After comparing them, we can conclude that the encryption key.

For Example:

  • For understanding the algorithm let us take a simple password 1234
  • As 1 character of the 1234 is 1 the encrypted value of it is
  • 131(Encrypted Key Value for 1stChar) + 1= 132
  • Now we will take 2 character of 1234 which is 2 the encrypted value of it
  • 157(Encrypted Key Value for 2stChar)+ 2=159

And so on…

Encryption Key131157159156
Encryption Logic131+1157+2159+3156+4
Encrypted Value132159162160

Below is the screenshot for the analysis:

Encyrpted Value

Encyrpted Value 2

[caption id=“attachment_90” align=“aligncenter” width=“681”]

Breaking the Encryption
Breaking the Encryption[/caption]

I have reported this issue to HP as responsible disclosure.

Happy Bounty Hunting

Vinesh Redkar
Vinesh Redkar
Senior Security Researcher

Security professional with over 9 years of experience in the security domain across various industries such as Finance, Insurance, Telecom, and government