How I bypassed Microsoft Authenticator time-based stop OTP refreshing funny POC

My name is Ahmed A Abdulla.

I would like to report a stop in OTP refreshing that allows an attacker to stop the OTP refreshing in 30s,

and an attacker can brute-force the account and steal the login code of all accounts at one time.

An attacker can bypass 2FA via brute force because the OTP refreshing is stopped in Microsoft Authenticator.

I tested on an iPad mini 3, version 12.4.9.

1:- Open your account and set up two-factor verification using Microsoft Authenticator

2:- You need the OTP code to log in to your account

3:- Open the Microsoft Authenticator app; you will see the OTP code refreshing in 30s…

How I Found SQL Injection on 8x8, Cengage, Comodo, Automattic, Intel, IBM, MTN Group, uis.cam.ac.uk, volvocars.biz, asus.com

What is SQL injection (SQLi)?

SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other…

Ahmad A Abdulla
