CVE-2023-45559 in Line
Summary
by MITRE • 01/03/2024
An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.
Analysis
by VulDB Data Team • 06/03/2025
The vulnerability identified as CVE-2023-45559 affects Tamaki_hamanoki Line version 13.6.1 and represents a critical security flaw that enables attackers to exploit notification delivery mechanisms through unauthorized access token leakage. This issue specifically targets the LINE messaging platform's channel access token handling, which serves as a critical authentication mechanism for API communications and notification services. The vulnerability stems from improper token management within the application's notification processing pipeline, creating an avenue for malicious actors to intercept and utilize valid access tokens for unauthorized communication.
The technical implementation of this vulnerability involves the leakage of channel access tokens through crafted notification requests that are processed by the vulnerable application. When the system handles incoming notifications, it fails to properly validate or sanitize the token parameters, allowing attackers to inject malicious payloads that can trigger the leakage of legitimate access tokens. This flaw operates at the intersection of weak input validation and insecure token handling practices, creating a pathway for privilege escalation and unauthorized access to notification services. The vulnerability can be classified under CWE-20 ("Improper Input Validation") combined with CWE-306 ("Missing Authentication for Critical Function"), since the system fails to properly authenticate requests before processing sensitive notification operations.
From an operational impact perspective, this vulnerability enables attackers to send unauthorized notifications to users, potentially leading to phishing campaigns, spam distribution, or social engineering attacks. The leaked access tokens can be used to impersonate legitimate services, deliver malicious content, or manipulate user communications within the LINE ecosystem. Security professionals must consider this vulnerability in the context of the ATT&CK framework, particularly T1566 ("Phishing") and T1071.004 ("Application Layer Protocol: DNS"), where the compromised tokens could facilitate further network reconnaissance or command and control communications. The vulnerability also represents a significant risk for organizations that rely on LINE for business communications, as attackers could exploit this to disrupt service availability or compromise user data.
Mitigation strategies for CVE-2023-45559 should focus on immediate patch deployment for the affected Tamaki_hamanoki Line version 13.6.1, along with comprehensive token validation and rotation mechanisms. Organizations should implement strict input sanitization for all notification processing components and establish robust monitoring for anomalous token usage patterns. The solution involves strengthening the application's authentication framework to ensure that all notification requests undergo proper verification before token processing occurs. Additionally, security teams should conduct thorough penetration testing to identify any potential additional attack vectors within the notification infrastructure and establish incident response procedures specifically designed to handle access token compromise scenarios.