Nowadays, multi-server remote user authentication schemes have been studied extensively in the literature. Recently, Chuang and Chen proposed a multi-server authentication scheme based on trust computing using smart cards and biometrics. Their scheme is more efficient and can achieve more security requirements than other related schemes. However, we found that Chuang and Chen's scheme can disclose private information shared between a legal user and an authorized server to another server. Moreover, loss of smart card attacks can be amounted and user anonymity cannot be achieved.