microsoft authenticator app bypass time-based stop otp refreshing

how i bypassed microsoft authenticator time-based stop otp refreshing funny POC

my name is Ahmed a Abdulla

I would like to report stop otp refreshing that allows to an attacker stop refreshing OTP in 30s

and an attacker can brute force account and steal code login all account in one time

an attacker can bypass 2FA via brute force cuz the refreshing OTP is stopped Microsoft authenticator

I test on iPad mini 3 Version 12.4.9

1:- open your account and set up Two-factor verification using Microsoft Authenticator‬

2:- and you need OTP code to login in to your account

3- open app Microsoft Authenticator‬ you will see the code otp is refreshing in 30s to bypass this 30s just scroll down the screen iPad the will stoped the time code

Microsoft does not accept this POC because it’s not risk to the user

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store