The 2014 Pwnie Award For Best Server-Side Bug


Neel Mehta Codenomicon

The Heartbleed vulnerability was unleashed in April this year, starting a trend of giving vulnerabilities names, websites and logos. It was also a cool bug. This bug had a significant impact on both Yahoo! webmail users and any firm using Amazon’s Elastic Load Balancers (ELBs). For almost a full day, anyone visiting the Yahoo! webmail application or an ELB-backed cloud service was at risk of having their cleartext credentials exposed. Yahoo! approached this problem by forcing password resets. The other 10,000+ companies using ELB likely did not.