foilChat Sign Up Email PIN Confirmation Bypass
Posted on 31 May 2018
The foilChat backend fails to prevent brute-force attempts against the PIN code. An attacker can try all 10,000 possible PIN codes until the correct one is found, and then use the correct PIN to complete the registration.
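
One server-side mitigation for the issue above, as an added example that is not part of the original advisory and not foilChat's code: cap failed guesses per pending registration, expire the PIN, and make it single use. The names `PinVerifier`, `MAX_ATTEMPTS` and `PIN_TTL_SECONDS`, their values, and the 4-decimal-digit PIN format are assumptions.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5        # assumed policy value, not from the advisory
PIN_TTL_SECONDS = 600   # assumed policy value, not from the advisory


class PinVerifier:
    """Hypothetical store of pending sign-up PINs, keyed by email address."""

    def __init__(self, clock=time.monotonic):
        self._pending = {}   # email -> [pin, failed_attempts, expires_at]
        self._clock = clock

    def issue(self, email):
        # Assumed format: 4 decimal digits from a CSPRNG (10000 values).
        pin = f"{secrets.randbelow(10000):04d}"
        self._pending[email] = [pin, 0, self._clock() + PIN_TTL_SECONDS]
        return pin  # delivered by email only, never echoed to the client

    def verify(self, email, guess):
        entry = self._pending.get(email)
        if entry is None:
            return False  # no PIN issued, already used, or locked out
        pin, failures, expires_at = entry
        if self._clock() >= expires_at:
            del self._pending[email]
            return False
        # Constant-time comparison of the stored PIN and the guess.
        if hmac.compare_digest(pin.encode(), str(guess).encode()):
            del self._pending[email]  # single use
            return True
        entry[1] = failures + 1
        if entry[1] >= MAX_ATTEMPTS:
            # Invalidate the PIN; the user must request a new one, so at
            # most MAX_ATTEMPTS of the 10000 values can be tried per PIN.
            del self._pending[email]
        return False
```

With this cap, a guesser gets at most 5 of the 10,000 values per issued PIN, so PIN issuance itself also needs rate limiting per address and per client.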