213
96%

Ran 20 May 2014 08:27PM UTC

Jobs 3

Files 26

Run time 10min

Badge

Embed ▾

pending completion

Build # 213

Build Type

push

travis-ci

Committed by

Bouke

Commit Message

Fixed #54 -- Mitigate voicemail hack

See also [this blogpost][1] which uses the victim's voicemail
service to access OTP tokens. When the call goes to voicemail, the
tokens can be access through a vulnerable voicemail service (e.g.
requiring no PIN). Then the attacker will have access to the tokens
and is able to login. When requiring interaction (e.g. pressing a
button), this type of attack can be disarmed. Major services like
Google and Yahoo are still vulnerable to this type of attack.

[1]: http://shubh.am/how-i-bypassed-2-factor-authentication-on-google-yahoo-linkedin-and-many-others/

Run Details

763 of 773 relevant lines covered (98.71%)

2.87 hits per line

Jobs

ID	Job ID	Ran	Coverage
1	213.1 (DJANGO=1.4 COVERAGE=YES)	20 May 2014 08:27PM UTC	96.77	Travis Job 213.1
13	213.13 (DJANGO=1.7b3 COVERAGE=YES)	20 May 2014 08:36PM UTC	94.83	Travis Job 213.13
14	213.14 (DJANGO=1.7b3 AUTH_USER_MODEL=tests.User YUBIKEY=YES COVERAGE=YES)	20 May 2014 08:38PM UTC	95.47	Travis Job 213.14

Source Files on build 213

Detailed source file information is not available for this build.

Bouke / django-two-factor-auth / 213
96%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 213

Bouke / django-two-factor-auth / 213 96%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 213

Bouke / django-two-factor-auth / 213
96%

README BADGES
x