I am classifying this as a bug since Apple and Google do (e.g. Apple CVE-2014-4451 - Unlimited incorrect pin attempts on iOS). Currently, if a pin unlock or fingerprint unlock is set on the mobile app, a user or attacker is allowed unlimited attempts to try and unlock the Bitwarden vault instead of being capped at a reasonable amount e.g. 5 before reprompting for the master password.
I am classifying this as a bug since Apple and Google do (e.g. Apple CVE-2014-4451 - Unlimited incorrect pin attempts on iOS). Currently, if a pin unlock or fingerprint unlock is set on the mobile app, a user or attacker is allowed unlimited attempts to try and unlock the Bitwarden vault instead of being capped at a reasonable amount e.g. 5 before reprompting for the master password.