CVE-2023-43299 in mini-app on Line

Summary

by MITRE • 12/07/2023

An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.


Analysis

by VulDB Data Team • 02/05/2026

The vulnerability identified as CVE-2023-43299 resides within the DA BUTCHERS mini-app running on Line v13.6.1, presenting a critical security flaw that enables unauthorized actors to exploit notification delivery mechanisms through compromised channel access tokens. This vulnerability specifically affects the messaging infrastructure of the Line platform where the mini-app operates, creating a pathway for attackers to manipulate notification flows and potentially escalate their access privileges. The flaw stems from improper handling of authentication tokens within the application's communication layer, allowing malicious actors to leverage leaked channel access tokens for unauthorized message transmission.

The technical implementation of this vulnerability involves a weakness in the token management system where channel access tokens are not properly secured or validated during notification delivery processes. When an attacker successfully obtains a channel access token through various means, such as network interception, code analysis, or other exploitation techniques, they can utilize this token to send crafted malicious notifications to users of the DA BUTCHERS mini-app. This represents a classic case of insufficient access control and token validation, falling under CWE-287, which addresses improper authentication mechanisms, and CWE-352, which addresses cross-site request forgery vulnerabilities. The flaw operates at the application layer where the mini-app fails to adequately verify the authenticity and authorization status of the tokens used for notification delivery.

The operational impact of this vulnerability extends beyond simple notification manipulation to potentially enable more sophisticated attack vectors, including social engineering campaigns, phishing attempts, and credential theft operations. Attackers can craft notifications that appear legitimate to users, potentially tricking them into clicking malicious links or providing sensitive information. The attack surface is particularly concerning because Line is a widely used messaging platform with extensive user bases, meaning a single compromised token could allow mass notification spamming or targeted attacks against specific user groups. This vulnerability aligns with ATT&CK technique T1566, which covers phishing campaigns, and T1078, which addresses valid accounts usage for persistence and privilege escalation.

Mitigation strategies for this vulnerability must address both immediate remediation and long-term architectural improvements. The primary fix involves implementing robust token validation mechanisms that verify the authenticity and scope of channel access tokens before allowing notification delivery operations. Organizations should implement token rotation policies, secure token storage mechanisms, and comprehensive access control checks that validate token permissions against intended recipients and message content. Additionally, network monitoring should be enhanced to detect unusual notification patterns that might indicate token misuse. The implementation of proper input validation and output encoding for all notification parameters will help prevent injection attacks that could compound the vulnerability. Regular security audits and penetration testing should be conducted to identify potential token leakage points and ensure that access control mechanisms remain effective against evolving attack techniques. Organizations using the Line platform should also consider implementing additional authentication layers and monitoring for unauthorized token usage patterns to prevent exploitation of this vulnerability.
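The audit for token leakage points mentioned above can start with a build-time check that no channel access token ships inside client-side files. The following is an added example, not code from the affected app or from VulDB; the length and entropy thresholds, the file names and the sample token are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Assumption: a channel access token looks like a long, high-entropy
# base64-style string. These thresholds are heuristics for this example,
# not a token format documented on the page.
CANDIDATE = re.compile(r"[A-Za-z0-9+/_\-]{40,}={0,2}")
# The candidate must follow "Bearer " or an assignment to a *token*/*secret* name.
CONTEXT = re.compile(r"(?i)(bearer\s+$|(token|secret)\w*[\"']?\s*[:=]\s*[\"'`]?$)")
MIN_ENTROPY = 4.0  # bits per character

# Constructed sample input: not a real token, not taken from the affected app.
FAKE = "q8Zr1LmT0xVb7NcE3yHs9KdW2uJf6PaG4oQi5RtY+zXvBnM/lCkjDhSgAeUwOp=="
SAMPLE_BUNDLE = {
    "dist/app.js": 'const cfg = {liffId: "1234-abcd"};\n'
                   'fetch(url, {headers: {Authorization: "Bearer ' + FAKE + '"}});\n',
    "dist/config.js": 'export const channelAccessToken = "' + "x" * 48 + '";\n'
                      'export const bundleHash = "' + FAKE + '";\n',
}


def shannon_entropy(s):
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def find_token_leaks(files):
    """Return (path, line_no, redacted_value) for each suspected embedded token.

    `files` maps a path to the text of a file that is shipped to the client.
    """
    findings = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for m in CANDIDATE.finditer(line):
                value = m.group(0)
                if not CONTEXT.search(line[:m.start()]):
                    continue  # long string, but not used as a credential
                if shannon_entropy(value) < MIN_ENTROPY:
                    continue  # placeholder such as "xxxx..." filled in at deploy time
                # Redact so the scanner never copies the secret into CI logs.
                findings.append((path, line_no, value[:4] + "..." + value[-4:]))
    return findings


if __name__ == "__main__":
    for finding in find_token_leaks(SAMPLE_BUNDLE):
        print("possible embedded token: %s:%d %s" % finding)
```

A finding means the token should be moved to server-side storage and the exposed value rotated, since anything shipped to the client must be treated as disclosed.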

Reservation

09/18/2023

Disclosure

12/07/2023

Moderation

accepted

CPE

ready

EPSS

0.00508

KEV

no

Activities

very low

Sources
