Thread: J2O Heartbleed Bug Verification
View Single Post
djazz

JCF Member

Joined: Feb 2009

Posts: 257

djazz is OFF DA CHARTdjazz is OFF DA CHARTdjazz is OFF DA CHART

Apr 12, 2014, 12:34 AM
djazz is offline
Reply With Quote
I don't think so since it's a HTTPS+OpenSSL issue. J2O doesnt use encryption so stuff are sent in clear over the internet anyways. J2O seem to store my hashed password in a cookie, and that's not encrypted.
Heartbleed allows the "hacker" to access out of bounds data through OpenSSL. This data is a part of the memory of the server, and could potentially contain passwords or even the server's private key certificate.
I may be wrong though, this is just how I've heard how heartbleed works.

Here's an XKCD illustration of how it works:
__________________
WebJCS 2 (new and in progress)
WebJCS 1 (old but complete)
SGIP Simple Games in Progress list
Level Packer v2 - With a GUI!
PHP Tileset Compiler