Microsoft Authenticator app bypass: stopping the time-based OTP refresh

How I bypassed the Microsoft Authenticator time-based OTP refresh: a funny POC

My name is Ahmed A Abdulla.

I would like to report a stop-OTP-refreshing issue that allows an attacker to stop the OTP from refreshing every 30s,

and an attacker can brute-force the account and steal the login codes for all accounts at one time.

An attacker can bypass 2FA via brute force because the OTP refreshing is stopped in Microsoft Authenticator.

I tested on an iPad mini 3, version 12.4.9.

1. Open your account and set up two-factor verification using Microsoft Authenticator.

2. You need an OTP code to log in to your account.

3. Open the Microsoft Authenticator app. You will see the OTP code refreshing every 30s. To bypass this 30s, just scroll down on the iPad screen; this will stop the code timer.

Microsoft does not accept this POC because it is not a risk to the user.
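An added example, not part of the original post and not Microsoft's code: a minimal RFC 6238 TOTP generator and server-side verifier, showing what a code left on screen past its refresh looks like to the verifying side. It assumes the standard parameters (HMAC-SHA1, 30-second step, 6 digits) and a verifier that tolerates one step of clock drift; the secret is the RFC 6238 test key and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30      # seconds per code, the refresh interval the post describes
DIGITS = 6     # assumption: 6-digit codes
DRIFT = 1      # assumption: verifier accepts +/- 1 step of clock drift
# Constructed demo secret (the RFC 6238 SHA-1 test key), not a real account key.
SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 code for the 30-second window containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # RFC 4226 dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret: bytes, submitted: str, server_time: int) -> bool:
    """Server-side check: codes are recomputed from the server's own clock."""
    for step in range(-DRIFT, DRIFT + 1):
        t = server_time + step * STEP
        if t < 0:
            continue
        if hmac.compare_digest(totp(secret, t), submitted):
            return True
    return False


def frozen_code_lifetime(secret: bytes, shown_at: int) -> int:
    """Seconds after shown_at for which a code kept on screen still verifies."""
    code = totp(secret, shown_at)
    elapsed = 0
    while verify(secret, code, shown_at + elapsed):
        elapsed += 1
    return elapsed - 1


if __name__ == "__main__":
    t0 = 59  # RFC 6238 test vector time, last second of its window
    print("code shown at t0:", totp(SECRET, t0))
    print("still accepted for (s):", frozen_code_lifetime(SECRET, t0))
```

Under these assumptions the acceptance window is set by the verifier's clock and drift policy, not by what the app displays.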
