by nemothekid
4459 days ago
The data being read is the plaintext password being sent from the client. The standard login procedure goes like this: 1.) Client sends Plain text user/pass over SSL -> 2.) Server reads that info to memory -> 3.) Server hashes password and tests hash -> 4.) Server discards plaintext memory. What's happening here with Heartbleed is you are reading the RAM of the server, so before Yahoo even has the chance to hash the password, this exploit allows you to read the password. Remember, even though Yahoo may only store the hashes in the database, your password (for any service) is still being sent effectively as cleartext.
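Steps 2 to 4 of the login procedure described in the comment above, as an added example that is not part of the original post. It shows that the decrypted request buffer holds the password until the server overwrites it. The handler name, field names, account and request body are hypothetical and constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000
SALT = os.urandom(16)
# Constructed account: the "database" holds only a salt and a PBKDF2 hash.
STORED_HASH = hashlib.pbkdf2_hmac("sha256", b"constructed-pass-123", SALT, ITERATIONS)


def handle_login(request_buf: bytearray, snapshots: list) -> bool:
    """Hypothetical handler; request_buf is the request body after TLS decryption."""
    # Step 2: the plaintext credentials now sit in server memory.
    # Record what a read of this buffer would return at this instant.
    snapshots.append(bytes(request_buf))

    # Parse into mutable bytearrays so the password copy can be overwritten later.
    pairs = (part.split(b"=", 1) for part in request_buf.split(b"&"))
    fields = {bytes(key): value for key, value in pairs}
    password = fields.get(b"pass", bytearray())

    # Step 3: hash the submitted password and compare in constant time.
    candidate = hashlib.pbkdf2_hmac("sha256", password, SALT, ITERATIONS)
    ok = hmac.compare_digest(candidate, STORED_HASH)

    # Step 4: overwrite the plaintext in place instead of waiting for the
    # allocator to reuse it. Best effort only: copies made elsewhere by the
    # runtime or by libraries are not covered by this loop.
    for buf in (password, request_buf):
        buf[:] = bytes(len(buf))
    snapshots.append(bytes(request_buf))
    return ok


if __name__ == "__main__":
    seen = []
    body = bytearray(b"user=alice&pass=constructed-pass-123")  # constructed request
    print("login ok:", handle_login(body, seen))
    print("before wipe:", seen[0])
    print("after wipe: ", seen[1])
```

Shortening the window between steps 2 and 4 reduces exposure but does not remove it, which is why credentials that passed through an affected server are treated as compromised and rotated.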