Can't get vault token from Windows using login with mfa

Describe the bug
Can't authenticate using login with MFA from Windows to receive the token, and executing same auth from linux I can.

To Reproduce
Steps to reproduce the behavior:
From Linux:

vault login -token-only -method=ldap -path=customldap username=a_user
Password (will be hidden):
Initiating Interactive MFA Validation...
Enter the passphrase for methodID "a1b23d4-a9ea-83aa-b24e-abc1230429954" of type "totp":
hvs.CAESIKbFRpsz....

From Windows:

 C:\bin> vault login -token-only -method=ldap -path=customldap username=a_user
Password (will be hidden):
Initiating Interactive MFA Validation...
Enter the passphrase for methodID "a1b23d4-a9ea-83aa-b24e-abc1230429954" of type "totp":
Error making API request.

URL: POST https://vault.company.com/v1/sys/mfa/validate
Code: 403. Errors:

* failed to satisfy enforcement admintotp. error: 2 errors occurred:
        * MFA credentials not supplied
        * login MFA validation failed for methodID: [a1b23d4-a9ea-83aa-b24e-abc1230429954]

Expected behavior
Get a token from Windows using vault.exe or add an argument like passcode=xxxxxx to can send from stdin directly

Environment:

• Vault Server Version (retrieve with vault status): 1.13.2
• Vault CLI Version (retrieve with vault version): 1.13.2
• Server Operating System/Architecture: Windows 2019 Standard Server

Vault server configuration file(s):

# Paste your Vault config here.
# Be sure to scrub any sensitive values
storage "file" {
  "path" = "/vault/file"
}
listener "tcp" {
  address = "0.0.0.0:8200"
  tls_disable = 1
}
default_lease_ttl = "168h"
max_lease_ttl = "720h"
ui = true
log_level = "trace"

Additional context
Test it client from 1.11.x , 1.12.x and 1.13.x and got same error. can't interactive to send passcode

[ctracysf]

I'm not sure what the "me too" etiquette is here, but we're encountering the same issue. Everything works great from Linux clients, but vault.exe on Windows just breezes past the TOTP prompt as though you hit <Enter> when you didn't, so you never even get a chance to input your TOTP code.

Environment

• Vault Server Version (retrieve with vault status): 1.13.1
• Vault CLI Version (retrieve with vault version): 1.14.1
• Server Operating System/Architecture: Windows Server 2019

[mihaivint]

Issue comes from c.UI.AskSecret not waiting for input on windows in command/base.go , didn't chase this further.. It's actually in github.com/mitchellh/cli package
In case anyone wants a quick fix

--- vault-1.15.5/command/base.go        2024-01-31 16:02:10.000000000 +0200
+++ vault-1.15.5-new/command/base.go    2024-02-13 16:29:56.649820386 +0200
@@ -4,6 +4,8 @@
 package command

 import (
+       pwd "github.com/hashicorp/go-secure-stdlib/password"
+       "runtime"
        "bytes"
        "flag"
        "fmt"
@@ -269,6 +271,12 @@
        var err error
        if methodInfo.usePasscode {
                passcode, err = c.UI.AskSecret(fmt.Sprintf("Enter the passphrase for methodID %q of type %q:", methodInfo.methodID, methodInfo.methodType))
+               if len(passcode) == 0 && runtime.GOOS == "windows" {
+                       passcode, err = pwd.Read(os.Stdin)
+                       fmt.Fprintf(os.Stderr, "\n")
+                       if err != nil {
+                               return nil, err
+               }
                if err != nil {
                        return nil, fmt.Errorf("failed to read passphrase: %w. please validate the login by sending a request to sys/mfa/validate", err)
                }

[Eric-N-Be]

any news of this bug ?

Environment:
Vault Server Version (retrieve with vault status): 1.16.2
Vault CLI Version (retrieve with vault version): 1.17.1
Server Operating System/Architecture: Windows 11