PIN 📌 BYPASS 🥷
High
Vulnerability Details
Summary:
The 983980808 iOS app has an improper rate limit.
When we try to brute force the PIN, we are rate limited for 5 minutes after 5 or 6 attempts.
In my testing I found that it was checking the device's local date/time, so by changing it we can brute force the PIN.
Steps To Reproduce:
1. Install the 983980808 iOS app from the iOS App Store.
2. Create your PIN.
3. Now open your 983980808 iOS app again.
4. You will be asked to enter the PIN.
5. Try to brute force the code. You will see a message to try again after 5 min.
6. Now change the date/time of your device.
7. Observe that there is no rate limit now.
POC video : IMG_7755.MP4
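The flaw described above, modelled as an added example (not the app's own code): a lockout whose cooldown is computed from the device's user-settable wall clock, beside the same logic driven by a clock the user cannot set (on iOS, ProcessInfo.processInfo.systemUptime plays that role). The PIN "4821" and the fake clocks are constructed for the demonstration; enforcing the attempt counter server-side is the stronger fix, since the device itself is under the user's control.

```python
# Added example, not code from the reported app: models the lockout described
# above; the only difference between the two variants is the clock source.
MAX_ATTEMPTS = 5
LOCKOUT_SECONDS = 300

class FakeClock:
    """Stand-in clock; writing .now models the user changing the device time."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

class PinLockout:
    """PIN check with a 5-minute cooldown measured by the supplied clock."""
    def __init__(self, pin: str, clock) -> None:
        self._pin, self._clock = pin, clock
        self.failed, self.locked_until = 0, None

    def is_locked(self) -> bool:
        if self.locked_until is None:
            return False
        if self._clock() < self.locked_until:
            return True
        self.locked_until, self.failed = None, 0  # cooldown elapsed
        return False

    def try_pin(self, guess: str) -> str:
        if self.is_locked():
            return "locked"
        if guess == self._pin:
            self.failed, self.locked_until = 0, None
            return "ok"
        self.failed += 1
        if self.failed >= MAX_ATTEMPTS:
            self.locked_until = self._clock() + LOCKOUT_SECONDS
        return "wrong"

def simulate_date_change(cooldown_uses_wall_clock: bool) -> tuple:
    """Exhaust the attempts, then move the device date forward 10 minutes as in
    the report; returns (verdict before the change, verdict after it)."""
    wall, uptime = FakeClock(), FakeClock()  # user-settable vs. monotonic
    lock = PinLockout("4821", wall if cooldown_uses_wall_clock else uptime)
    for _ in range(MAX_ATTEMPTS):
        lock.try_pin("0000")
    before = lock.try_pin("0000")
    wall.now += 600  # the date/time change moves only the wall clock
    return before, lock.try_pin("0000")
```

The wall-clock variant returns ("locked", "wrong"), i.e. the date change hands the caller a fresh batch of attempts, while the uptime-based variant stays "locked".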
## Impact
An attacker can brute force the PIN of a user.
Report Stats
- Report ID: 1257586
- State: Closed
- Substate: resolved
- Upvotes: 75