The Everus.org Android application version1.0.7 has a fundamental design flaw where the server provides the second factor to the client for comparison instead of properly validating it server-side.
6692defba0408aaffe64bbe95bc5c8092936c9174bf5aeb6c6109750fc09bd4f