CVE-2026-44830
Deferred - Pending Action
Authentication Bypass in Nocturne Memory Server

Publication date: 2026-05-27

Last updated on: 2026-06-01

Assigner: GitHub, Inc.

Description
Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when API_TOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS allow_origins=["*"], operators following the Docker setup without explicitly setting API_TOKEN expose the full Knowledge-Graph read/write API to any LAN-reachable client. An attacker on the same network can read, write, or delete all memory entries, including system://boot and core://* URIs that auto-load into downstream agent sessions, enabling persistent prompt-injection. This vulnerability is fixed in 2.4.1.
Meta Information

Published: 2026-05-27
Last Modified: 2026-06-01
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-15
Affected Vendors & Products

Vendor: nocturne_memory
Product: nocturne_memory
Version / Range: 2.4.1
CWE
CWE-306: The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
AI Quick Actions
Executive Summary

This vulnerability exists in Nocturne Memory versions prior to 2.4.1. When the API_TOKEN is unset or empty, the BearerTokenAuthMiddleware fails to enforce authentication, allowing all HTTP requests to bypass authentication.

Because the default configuration binds the service to 0.0.0.0 and allows all CORS origins, any client on the same local network can access the full Knowledge-Graph read/write API without restriction.

An attacker on the same LAN can read, write, or delete all memory entries, including sensitive URIs like system://boot and core://* that automatically load into downstream agent sessions, enabling persistent prompt-injection attacks.

This security issue is fixed in version 2.4.1.

Impact Analysis

If you run a vulnerable version of Nocturne Memory without setting the API_TOKEN, an attacker on your local network can fully access and manipulate your memory entries.

  • They can read sensitive data stored in the memory server.
  • They can write or modify memory entries, potentially injecting malicious prompts.
  • They can delete critical memory entries, disrupting system or agent operations.

Such unauthorized access can lead to persistent prompt-injection attacks that affect downstream agent sessions, compromising the integrity and security of your system.

Mitigation Strategies

To mitigate this vulnerability, ensure that the API_TOKEN environment variable is explicitly set and not empty when running Nocturne Memory.

Additionally, upgrade Nocturne Memory to version 2.4.1 or later, where this issue is fixed.

Avoid using the default host binding of 0.0.0.0 and the permissive CORS setting allow_origins=["*"] without proper authentication, as these settings expose the API to any LAN-reachable client.

Compliance Impact

This vulnerability allows unauthorized access to the full Knowledge-Graph read/write API on the affected system when the API_TOKEN is unset or empty. An attacker on the same network can read, write, or delete all memory entries, including critical system data, which could lead to persistent prompt-injection attacks.

Such unauthorized access and potential data manipulation could lead to violations of common data protection standards and regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive data. The exposure of sensitive memory entries and the ability to alter or delete them without authentication undermines confidentiality, integrity, and availability requirements mandated by these regulations.

Therefore, failure to properly set and enforce API_TOKEN authentication as described in this vulnerability could result in non-compliance with these standards, potentially leading to legal and regulatory consequences.

Detection Guidance

This vulnerability can be detected by checking if the nocturne_memory server is running with the API_TOKEN unset or empty, and if it is bound to 0.0.0.0 with permissive CORS settings allowing all origins. An attacker on the same network can access the Knowledge-Graph API without authentication.

To detect this on your system or network, you can attempt to send HTTP requests to the nocturne_memory API endpoint without an Authorization header and observe if access is granted.

Suggested commands to test this include using curl to send requests without authentication:

  • curl -v http://<server-ip>:<port>/api/knowledge-graph
  • curl -v -X GET http://<server-ip>:<port>/api/knowledge-graph/memory_entries

If these commands return data without requiring an API_TOKEN in the Authorization header, the system is vulnerable.

Additionally, check the server configuration for the presence and value of API_TOKEN, host binding (should not be 0.0.0.0), and CORS settings (should not allow all origins).
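The two defensive points above (a bearer check that fails closed when API_TOKEN is missing, and an audit of the token / host binding / CORS settings) can be shown together in a small Python script. This is an added example written for this page, not Nocturne Memory's own middleware or configuration code; the function names, the `HOST` and `CORS_ALLOW_ORIGINS` environment keys, and the lower-cased header dictionary are assumptions. Only `API_TOKEN`, the `0.0.0.0` default and `allow_origins=["*"]` come from the advisory.

```python
import hmac
import os
from dataclasses import dataclass

# Constructed example, not Nocturne Memory's code. Function and config
# names (HOST, CORS_ALLOW_ORIGINS, check_bearer_*) are assumptions; only
# API_TOKEN, the 0.0.0.0 default and allow_origins=["*"] come from the advisory.


@dataclass(frozen=True)
class Decision:
    allowed: bool
    status: int      # HTTP status a middleware would answer with
    reason: str


def _verify_bearer(headers: dict, api_token: str) -> Decision:
    """Shared check; header keys are assumed lower-cased, as ASGI servers deliver them."""
    scheme, _, presented = headers.get("authorization", "").partition(" ")
    presented = presented.strip()
    if scheme.lower() != "bearer" or not presented:
        return Decision(False, 401, "missing bearer token")
    # Constant-time comparison so a wrong token leaks nothing through timing.
    if not hmac.compare_digest(presented.encode(), api_token.encode()):
        return Decision(False, 401, "invalid token")
    return Decision(True, 200, "ok")


def check_bearer_fail_open(headers: dict, api_token: str) -> Decision:
    """Shape of the pre-2.4.1 behaviour the advisory describes: an unset or
    empty token skips the check for every request, so the API becomes anonymous."""
    if not api_token:
        return Decision(True, 200, "no API_TOKEN configured; auth skipped")
    return _verify_bearer(headers, api_token)


def check_bearer_fail_closed(headers: dict, api_token: str) -> Decision:
    """Hardened form: missing configuration denies everything instead of allowing."""
    if not api_token:
        return Decision(False, 503, "API_TOKEN not configured; refusing request")
    return _verify_bearer(headers, api_token)


@dataclass(frozen=True)
class ServerConfig:
    api_token: str
    host: str
    allow_origins: tuple


def config_from_env(env) -> ServerConfig:
    """Defaults mirror the weak out-of-the-box combination the advisory describes."""
    raw_origins = env.get("CORS_ALLOW_ORIGINS", "*")
    origins = tuple(o.strip() for o in raw_origins.split(",") if o.strip())
    return ServerConfig(
        api_token=env.get("API_TOKEN", "").strip(),
        host=env.get("HOST", "0.0.0.0"),
        allow_origins=origins,
    )


def audit_config(cfg: ServerConfig) -> list:
    """Deployment check: one finding per weak setting, an empty list when clean."""
    findings = []
    if not cfg.api_token:
        findings.append("API_TOKEN is unset or empty: every request would be accepted")
        if cfg.host == "0.0.0.0":
            findings.append("bound to 0.0.0.0 with no token: API reachable by any LAN client")
    if "*" in cfg.allow_origins:
        findings.append('CORS allow_origins=["*"]: any web origin may call the API from a browser')
    return findings


if __name__ == "__main__":
    anonymous = {}  # constructed request with no Authorization header
    print("fail-open, no token:  ", check_bearer_fail_open(anonymous, ""))
    print("fail-closed, no token:", check_bearer_fail_closed(anonymous, ""))
    for finding in audit_config(config_from_env(os.environ)):
        print("FINDING:", finding)
```

Run it in the environment the container would start with: an empty environment produces three findings, and the fail-open variant admits the anonymous request while the fail-closed variant answers 503 until a token is configured. Wiring `audit_config` into startup and refusing to bind when it returns findings is the deployment-side counterpart of the 2.4.1 fix.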
