[Yoti] Pin Bruteforce Rate-Limiting Bypass ($1000 USD)
Original Post:
We discussed this vulnerability during Episode 129 on 21 March 2022
A trivial instance of client-side validation: the app enforced the timeout between PIN attempts using the device's own clock, so by changing the time on the device you could skip the lockout window and make more attempts at the PIN.
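The pattern, as an added illustration that is not code from the report or from Yoti: a lockout that reads the device clock beside the server-side version that keeps the counter and timestamps on the server and never takes a time value from the client. The class names, the PIN, the guess list and the 3-attempt / 300-second policy are constructed assumptions for the demo.

```python
MAX_ATTEMPTS = 3         # failed guesses allowed before a lockout starts (assumed policy)
LOCKOUT_SECONDS = 300    # lockout window (assumed policy)
CORRECT_PIN = "1234"     # constructed sample secret


class FakeClock:
    """Settable clock. Stands in for the device clock (attacker-controlled)
    or the server clock (out of the attacker's reach)."""

    def __init__(self, start=1_000_000.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class ClientSideLockout:
    """Vulnerable pattern: lockout enforced on the device with the device clock."""

    def __init__(self, device_clock):
        self.clock = device_clock
        self.failed = 0
        self.locked_until = 0.0

    def try_pin(self, pin):
        now = self.clock()            # trusts whatever time the device reports
        if now < self.locked_until:
            return "locked"
        if pin == CORRECT_PIN:
            self.failed = 0
            return "ok"
        self.failed += 1
        if self.failed >= MAX_ATTEMPTS:
            self.failed = 0
            self.locked_until = now + LOCKOUT_SECONDS
        return "wrong"


class ServerSideLockout:
    """Hardened pattern: counter and timestamps live server-side, keyed by
    account, and only the server's clock is consulted."""

    def __init__(self, server_clock):
        self.clock = server_clock
        self.state = {}               # account -> [failed_count, locked_until]

    def try_pin(self, account, pin):
        now = self.clock()            # the client never supplies a time value
        failed, locked_until = self.state.get(account, [0, 0.0])
        if now < locked_until:
            return "locked"
        if pin == CORRECT_PIN:
            self.state[account] = [0, 0.0]
            return "ok"
        failed += 1
        if failed >= MAX_ATTEMPTS:
            failed, locked_until = 0, now + LOCKOUT_SECONDS
        self.state[account] = [failed, locked_until]
        return "wrong"


def brute_force(guess, candidates, device_clock):
    """Attacker loop: on 'locked', move the device time past the window and retry.
    Returns (pin found or None, number of guesses the target actually evaluated)."""
    evaluated = 0
    for pin in candidates:
        result = guess(pin)
        if result == "locked":
            device_clock.advance(LOCKOUT_SECONDS + 1)   # "change the time on the device"
            result = guess(pin)
        if result == "locked":
            continue                                    # lockout held; guess was wasted
        evaluated += 1
        if result == "ok":
            return pin, evaluated
    return None, evaluated


CANDIDATES = ["0000", "1111", "2222", "3333", "4444", "1234"]   # constructed guess list


def attack_client_side():
    device_clock = FakeClock()
    target = ClientSideLockout(device_clock)
    return brute_force(target.try_pin, CANDIDATES, device_clock)


def attack_server_side():
    device_clock = FakeClock()
    server_clock = FakeClock()        # attacker cannot touch this one
    target = ServerSideLockout(server_clock)
    return brute_force(lambda pin: target.try_pin("alice", pin), CANDIDATES, device_clock)


if __name__ == "__main__":
    print("client-side lockout:", attack_client_side())   # every guess gets evaluated
    print("server-side lockout:", attack_server_side())   # only MAX_ATTEMPTS guesses get through
```

Against the client-side lockout the attacker's clock change lets all six guesses through and the PIN is recovered; against the server-side version only three guesses are ever evaluated, because the server's clock and counter do not move when the device's time does. The same check applies when reviewing any mobile lockout: if the only input to the "are we still locked?" decision comes from the device, it is not a rate limit.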