Here is an article has few details
According to the article:-
A scanner was released before anyone had chance to patch it and huge sites like Yahoo! Mail were vulnerable and exposing user passwords to anyone who used Heartbleed against it.
Hashing is irrelevant in this case, as the hash and hash comparison are done on the server side, so the plain text password is stored in memory at some point
The bad part of it is that there’s no way to tell if it’s been exploited as there’s no crash, no damage, it just spits out the data to whoever runs the exploit
The link below has more information:
No comments:
Post a Comment