Microsoft Authenticator app bypass: stopping time-based OTP refreshing
Mar 25, 2021
How I bypassed Microsoft Authenticator's time-based OTP refreshing (stop OTP refreshing), a funny POC
My name is Ahmed a Abdulla.
I would like to report a "stop OTP refreshing" issue that allows an attacker to stop the OTP from refreshing every 30s,
so an attacker can brute force the account and steal the login code for all accounts at one time.
An attacker can bypass 2FA via brute force because the OTP refreshing is stopped in Microsoft Authenticator.
I tested on an iPad mini 3, version 12.4.9.
1. Open your account and set up two-factor verification using Microsoft Authenticator.
2. You need an OTP code to log in to your account.
3. Open the Microsoft Authenticator app. You will see the OTP code refreshing every 30s. To bypass this 30s, just scroll down the iPad screen and the code timer will stop.
Microsoft does not accept this POC because it is not a risk to the user.
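For reference on how a 30-second OTP is checked on the receiving side, here is an added example (not part of the original post and not Microsoft's code): a minimal RFC 6238 verifier in which acceptance depends on the server's clock and failure counter. The +/-1 step drift, the five-failure lockout and the single-use rule are assumed parameters, and the secret is the RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default; the 30s seen in the app)
DIGITS = 6

def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class Verifier:
    """Server side: accepts codes for the current step +/- drift steps only."""
    def __init__(self, secret, drift=1, max_failures=5):  # assumed policy values
        self.secret = secret
        self.drift = drift
        self.max_failures = max_failures
        self.failures = 0
        self.last_used_step = -1

    def verify(self, code: str, server_time: int) -> bool:
        if self.failures >= self.max_failures:
            return False  # locked: guessing budget exhausted
        now_step = server_time // STEP
        for step in range(now_step - self.drift, now_step + self.drift + 1):
            if step <= self.last_used_step:
                continue  # each step's code is single use
            if hmac.compare_digest(totp(self.secret, step * STEP), code):
                self.last_used_step = step
                self.failures = 0
                return True
        self.failures += 1
        return False

def frozen_display_demo():
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real key
    shown_at = 59                      # constructed: moment the display stopped updating
    frozen_code = totp(secret, shown_at)
    fresh = Verifier(secret).verify(frozen_code, shown_at + 10)   # same window
    stale = Verifier(secret).verify(frozen_code, shown_at + 120)  # four steps later
    return frozen_code, fresh, stale
```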