Project and Portfolio Management Practitioners Forum
cancel
Showing results for 
Search instead for 
Did you mean: 

PPM decrypting password

Mediocre123
Occasional Advisor

PPM decrypting password

Hi,

 

Is it possible to decrypt the passwords in PPM?

9 REPLIES
TurboMan
Member

Re: PPM decrypting password

AFAIK, no way,

Because it is using one-way hashing encryption algorithm, that is the ideal method anyway.

It is using a public key to encrypt which the key is public_key.txt under security directory.

It is always different.

 

But, you can change it as follows.

Get an encripted password with  

 

sh kEncrypt.sh

 

get the encrypted text (excluding leading and trailing #!#  chars),

Update the password field for a particular user in the knta_users  table. 

 

Hope it helps

 

TM

penoles
Regular Collector

Re: PPM decrypting password

As I know, PPM does not use one-way hashing for storing user password in db, The password can be decrypted.

Celil
Esteemed Contributor

Re: PPM decrypting password

Hi,

 

It's MD5, one way encription. It is mean it is not convertable encription method.

 

 

PS: If the post resolves your issue, please KUDOS the professionals and mark it as Accepted Solution.

Celil

IT Governance Professional
& PPM Solution Architect
Mediocre123
Occasional Advisor

Re: PPM decrypting password

Hi,

Any idea on how to do this? Thanks!
AlexSavencu
Honored Contributor

Re: PPM decrypting password

Hi,

 

yes: you can create a script to encrypt all possible combination of characters until the encrypted string matches the one in the database.

 

The above statement is a bit sarcastic, but as per my knowledge, brute force is the only way to crack forward-only encryption.

 

cheers

alex


--remember to kudos people who helped solve your problem
Highlighted
bzdafro
Collector

Re: PPM decrypting password

I have not found a way to show the pasword in PPM 9.x PPM 7.x possibly.
5keeve
Super Collector

Re: PPM decrypting password

I tried this:

1) ./kEncrypt.sh

2) entered the password I wanted

3) copy & pasted everything between #!# into the password field of the user

4) The user could not log in

We recently upgraded to 9.3. Could it be something changed between 9.2 and 9.3 and so this process does not work anymore? Previously this process was working.

5keeve
Super Collector

Re: PPM decrypting password

Found the root cause.

Sorry, but sometimes I feel PPM is a crappy programmed bunch of bugs :D

Passwords encoded with kEncrypt.sh may not contain whitespace.

So instead of

secret password

it encrypted

secret

:(

5keeve
Super Collector

Re: PPM decrypting password

I'm pretty sure kEncrypt.sh encrypted text can be decrypted.

Indicators are:

  1. ElGamal is used which is not a one-way hash but a public key encryption method.
  2. Isn't it also used to store DB credentials in encrypted form? Oracle doesn't know about this encryption so PPM has to decrypt in order to be able to use the password.
//Add this to "OnDomLoad" event