SigmaGmbH / Bug-Bounty-1.0

This repo consolidates reported issues from swisstronik-evm-module, swisstronik-librustgo, and swisstronik-chain repositories, complemented by all the Bug Bounty 1.0 program details and rewards for developers.

Bruteforcing iOS + Android application PIN leads to PIN Bypass #15

Status: Closed (mridulvo closed this issue 12 months ago)

mridulvo commented 1 year ago

Hi Team, hope you are doing great. I found a vulnerability in your applications through which an attacker is able to bypass the PIN. The attacker just needs to bruteforce the 4-digit PIN: as unlimited tries are accepted by the application, the attacker can simply do a bruteforce and access the wallet.

https://github.com/SigmaGmbH/Bug-Bounty-1.0/assets/104922520/47c845d6-15c3-4a8b-b1f7-4ff8a3677161

Impact: PIN Bypass via bruteforce
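The control whose absence the report above describes, as a defender-side sketch (an added example, not code from the Swisstronik applications; the class name, thresholds and wipe policy are assumptions): a PIN check that counts failures, enforces escalating lockouts, and requires wallet recovery after a cap, so a 4-digit space cannot be enumerated.

```python
import hashlib
import hmac
import os

# Assumed policy values, chosen for illustration only.
MAX_FAILURES = 10    # at this many consecutive failures, require wallet recovery
LOCK_AFTER = 3       # lockouts begin at this many consecutive failures
BASE_DELAY_S = 30    # first lockout length; doubles with each further failure


def _derive(pin: str, salt: bytes) -> bytes:
    # Slow KDF so a copied verifier is not trivially searchable offline.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000)


class PinGate:
    """Attempt-limited PIN check (hypothetical helper).

    In a real app the counter and lock time must be stored persistently in
    app-private or hardware-backed storage so a restart does not reset them.
    """

    def __init__(self, pin: str):
        self.salt = os.urandom(16)
        self.verifier = _derive(pin, self.salt)
        self.failures = 0
        self.locked_until = 0.0
        self.wiped = False

    def try_unlock(self, pin: str, now: float) -> str:
        if self.wiped:
            return "recovery_required"
        if now < self.locked_until:
            return "locked"              # the guess is not evaluated at all
        if hmac.compare_digest(_derive(pin, self.salt), self.verifier):
            self.failures = 0
            return "ok"
        self.failures += 1               # record the failure before answering
        if self.failures >= MAX_FAILURES:
            self.wiped = True            # drop key material; seed phrase needed
            return "recovery_required"
        extra = self.failures - LOCK_AFTER
        if extra >= 0:
            self.locked_until = now + BASE_DELAY_S * 2 ** extra
        return "wrong"
```

With these assumed values at most ten of the 10,000 possible PINs can ever be tested before the local key material is discarded.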

SantiagoDevRel commented 12 months ago

Hi @mridulvo, thank you so much for submitting this issue. We genuinely appreciate your commitment to our community and your dedication to improving the overall Swisstronik experience. Please note that, unfortunately, this issue falls outside the scope of our bug bounty program, as outlined here. Thank you.