
Microsoft Authenticator Flaw Leaks TOTP Codes, Threatening MFA


Malwarebytes discovered that specific builds of the Microsoft Authenticator app unintentionally expose the generated time‑based one‑time passwords (TOTP) through a publicly readable storage location. Malicious software on the same device can harvest these codes, allowing it to replay the second factor in an MFA flow without user interaction.

The vulnerability compromises the core security guarantee of multi‑factor authentication, potentially granting attackers full access to corporate accounts, cloud services, and privileged systems if they can place or execute malware on a victim’s device. Defenders should prioritize immediate remediation: enforce updates to the patched app version, apply mobile device management (MDM) policies that block outdated authenticator binaries, and monitor for anomalous login attempts that may indicate TOTP abuse. Consider supplementing app‑based MFA with hardware tokens or password‑less solutions to reduce reliance on a single device.

Categories: Vulnerabilities & Exploits, Identity & Access Management
