[Yoti] Pin Bruteforce Rate-Limiting Bypass ($1000 USD)

We discussed this vulnerability during Episode 129 on 21 March 2022

A trivial instance of client-side validation: to enforce a timeout, they were using the device's time. By changing the time on the device, you can make more attempts at the PIN.
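The lockout logic described above, sketched as an added example (not Yoti's code, and not from the original write-up): the same guard is run once against a clock the user can set and once against a clock that stands in for the verifier's own. `PinGuard`, `SettableClock`, the PIN and the policy constants are hypothetical names and constructed values.

```python
import hmac
import time

MAX_ATTEMPTS = 3        # constructed policy values, not Yoti's
LOCKOUT_SECONDS = 300


class SettableClock:
    """Stands in for a device wall clock, which its user can change."""
    def __init__(self, start=1_000_000.0):
        self.now = start

    def __call__(self):
        return self.now


class PinGuard:
    """PIN check with lockout; the trust decision is which clock it reads."""
    def __init__(self, pin, clock):
        self._pin, self._clock = pin, clock
        self._failures = 0
        self._locked_until = 0.0

    def try_pin(self, guess):
        now = self._clock()
        if now < self._locked_until:
            return "locked"
        if hmac.compare_digest(guess, self._pin):
            self._failures = 0
            return "ok"
        self._failures += 1
        if self._failures >= MAX_ATTEMPTS:
            self._failures = 0
            self._locked_until = now + LOCKOUT_SECONDS
        return "wrong"


def lockout_holds(guard, device_clock):
    """Trigger a lockout, change the device time, report whether it still holds."""
    for _ in range(MAX_ATTEMPTS):
        guard.try_pin("0000")
    device_clock.now += LOCKOUT_SECONDS + 1   # device time edited by its user
    return guard.try_pin("0000") == "locked"


def demo():
    device = SettableClock()
    weak = PinGuard("4821", clock=device)               # lockout keyed to device time
    hardened = PinGuard("4821", clock=time.monotonic)   # assumption: verifier-side clock
    return lockout_holds(weak, device), lockout_holds(hardened, device)
```

The hardened guard represents attempt counters and lockout expiry held where the user cannot edit them, such as on the server; that placement is an assumption of this example, not a fix described in the write-up.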