Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Trilium Notes has a Timing Attack Vulnerability in /api/login/sync
Vulnerability Description
Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthenticated remote attackers to recover HMAC authentication hashes byte-by-byte through statistical timing analysis. This enables complete authentication bypass without password knowledge, granting full read/write access to victim's knowledge base. This vulnerability is fixed in 0.101.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
通过时间差异性导致的信息暴露
Vulnerability Title
Trilium Notes 安全漏洞
Vulnerability Description
Trilium Notes是Zadam个人开发者的一个分层笔记应用程序。专注于构建大型个人知识库。 Trilium Notes 0.101.0之前版本存在安全漏洞,该漏洞源于同步身份验证端点存在关键时序攻击,可能导致未经验证的远程攻击者通过统计时序分析逐字节恢复HMAC身份验证哈希,从而完全绕过身份验证。
CVSS Information
N/A
Vulnerability Type
N/A