CVE-2023-47370 in Line
Summary
by MITRE • 11/09/2023
The leakage of channel access token in bluetrick Line 13.6.1 allows remote attackers to send malicious notifications to victims.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 02/23/2026
The vulnerability identified as CVE-2023-47370 represents a critical security flaw in the Line messaging application version 13.6.1 that enables unauthorized access to channel access tokens through a data leakage mechanism. This issue specifically affects the bluetrick Line platform and creates a significant risk for users who may unknowingly become victims of malicious notification campaigns. The vulnerability stems from improper handling of authentication tokens within the application's communication protocols, allowing attackers to extract sensitive channel access credentials that should remain protected and confidential.
The technical implementation of this flaw involves a failure in the application's token management system where channel access tokens are inadvertently exposed during normal operational procedures. These tokens serve as critical authentication mechanisms that grant access to specific communication channels within the Line ecosystem. When leaked, they provide attackers with the ability to impersonate legitimate users and send notifications to targeted recipients without their knowledge or consent. The vulnerability operates at the application layer and leverages existing communication pathways that should normally be secured through proper authentication and authorization mechanisms.
From an operational perspective, this vulnerability creates a substantial attack surface that enables sophisticated social engineering campaigns and targeted harassment operations. Attackers can exploit the leaked tokens to send malicious notifications that appear to originate from legitimate sources, potentially leading to phishing attempts, malware distribution, or other malicious activities. The impact extends beyond individual users to potentially compromise entire organizational communication channels if the vulnerability affects business versions of the application. This type of vulnerability directly violates fundamental security principles and can result in reputational damage, regulatory compliance issues, and potential legal consequences for affected organizations.
The security implications of CVE-2023-47370 align with CWE-200, which addresses the exposure of sensitive information, and can be categorized under ATT&CK technique T1566 for phishing and T1071 for application layer protocols. Organizations should implement immediate mitigations including token rotation procedures, enhanced monitoring of token usage patterns, and verification of token integrity checks. The recommended approach involves deploying network traffic analysis tools to detect anomalous notification patterns and implementing stricter access controls for channel operations. Additionally, users should be educated about recognizing suspicious notifications and organizations should establish incident response procedures specifically addressing token leakage scenarios. This vulnerability underscores the critical importance of proper credential management and the need for continuous security assessment of mobile applications that handle sensitive communication channels.