microsoft authenticator app bypass time-based stop otp refreshing

my name is Ahmed a Abdulla

I would like to report stop otp refreshing that allows to an attacker stop refreshing OTP in 30s

and an attacker can brute force account and steal code login all account in one time

an attacker can bypass 2FA via brute force cuz the refreshing OTP is stopped Microsoft authenticator

I test on iPad mini 3 Version 12.4.9

Microsoft does not accept this POC because it’s not risk to the user



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store