Decrypting Password Encryption -HP ALM Product 11
It’s been long time haven’t write any security post but i have come up with security issue on HP ALM Product 11.
While testing HP ALM Product latest version I have found that the password encryption used by the Web Application was weak. I was able to break the Password encryption logic.
What is Encryption ?
In cryptography, encryption is the process of encrypting messages or information in such a way that only authorized parties can read it.
Below is the explanation for it.
Assume, we enter password 111111111111 & 222222222222 and capture the request in BurpSuite.
We can see the encrypted password in the below screenshot (Figure 2 & 3):
Breaking the Encryption Logic
|1st Char||2nd Char||3rd Char||4th Char||5th Char||6th Char||7th Char||8th Char||9th Char||10th Char||11th Char||12th Char|
|Password is 111111111111||132||158||160||157||156||146||136||146||164||121||150||163|
|Password is 222222222222||133||159||161||158||157||147||137||147||165||122||151||164|
After comparing them, we can conclude that the encryption key.
- For understanding the algorithm let us take a simple password 1234
- As 1 character of the 1234 is 1 the encrypted value of it is
- 131(Encrypted Key Value for 1stChar) + 1= 132
- Now we will take 2 character of 1234 which is 2 the encrypted value of it
- 157(Encrypted Key Value for 2stChar)+ 2=159
And so on…
Below is the screenshot for the analysis:
I have reported this issue to HP as responsible disclosure.
Happy Bounty Hunting