PT-2025-31882 · Unknown · Trilium Notes

Mrdgef · Published 2025-08-05 · Updated 2025-08-05

·

CVE-2025-53544

CVSS v3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions:

Trilium Notes versions prior to 0.97.0

Description:

Trilium Notes is a cross-platform hierarchical note-taking application. A brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login password without triggering rate limiting. The application is single-user and does not require a username. Because it offers features such as multi-factor authentication and note sharing, the application is likely to be exposed to the internet.

Recommendations:

Update to version 0.97.0 or later.

Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Related Identifiers

CVE-2025-53544
GHSA-HW5P-FF75-327R

Affected Products

Trilium Notes