Original Post: [Yoti] Pin Bruteforce Rate-Limiting Bypass
This vulnerability was analyzed during Episode 129 on 21 March 2022.
A trivial instance of client-side validation: to enforce the timeout, they were relying on the device's time. So by changing the time on the device you can make more attempts at the PIN.
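
The difference between a lockout timed by the device clock and one timed by a clock the user cannot set, as an added example that is not from the original post or from Yoti's code. The class names, `MAX_TRIES`, `LOCK_SECONDS` and the server-side monotonic clock are assumptions made for illustration.

```python
MAX_TRIES = 3        # hypothetical policy values
LOCK_SECONDS = 300


class DeviceClockLockout:
    """Weak: the timeout is measured against the handset's wall clock."""

    def __init__(self):
        self.failures, self.locked_until = 0, 0.0

    def may_attempt(self, device_time):
        # device_time is whatever the user has set the phone to.
        if self.failures >= MAX_TRIES and device_time >= self.locked_until:
            self.failures = 0
        return self.failures < MAX_TRIES

    def record_failure(self, device_time):
        self.failures += 1
        if self.failures >= MAX_TRIES:
            self.locked_until = device_time + LOCK_SECONDS


class TrustedClockLockout(DeviceClockLockout):
    """Hardened: same policy, but time comes from a clock the user cannot set
    (assumed here to be the verifying server's monotonic clock)."""

    def __init__(self, trusted_clock):
        super().__init__()
        self._now = trusted_clock

    def may_attempt(self, device_time=None):
        return super().may_attempt(self._now())      # device_time ignored

    def record_failure(self, device_time=None):
        super().record_failure(self._now())          # device_time ignored


def guesses_allowed(lockout, rounds, device_time_step):
    """Wrong guesses accepted while the device clock jumps forward each round."""
    allowed, device_time = 0, 1_000.0                # constructed start time
    for _ in range(rounds):
        if lockout.may_attempt(device_time):
            lockout.record_failure(device_time)
            allowed += 1
        device_time += device_time_step
    return allowed


if __name__ == "__main__":
    print(guesses_allowed(DeviceClockLockout(), 12, LOCK_SECONDS))
    print(guesses_allowed(TrustedClockLockout(lambda: 0.0), 12, LOCK_SECONDS))
```

The hardened form only holds if the failure counter and `locked_until` are also stored where the user cannot reset them, which is why the check belongs on the verifying side.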