Insufficient protection against brute-force and runtime manipulation in the local authentication component in Two App Studio Journey 5.5.6 on iOS allows local attackers to bypass biometric and PIN-based access control via repeated PIN attempts or dynamic code injection.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.