CVE-2023-39732

8.2 HIGH

📋 TL;DR

Tokueimaru_waiting (LINE) 13.6.1 exposes the channel's client secret to attackers. Anyone holding that secret can request channel access tokens and use them to send broadcast messages to every user of the channel without authorization.

💻 Affected Systems

Products:
  • Tokueimaru_waiting
Versions: 13.6.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only deployments of the vulnerable version whose client secret is reachable by an attacker are affected; once the secret is leaked the attacker talks to the messaging platform directly, not to the deployment.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain full control of the messaging channel, sending malicious broadcasts to all users, potentially leading to credential theft, malware distribution, or reputation damage.

🟠

Likely Case

Attackers send spam or phishing messages to users through the compromised channel, potentially tricking users into harmful actions.

🟢

If Mitigated

Limited impact if the secret is kept out of attacker reach, outstanding tokens are revoked promptly, and unauthorized broadcasts are detected and responded to quickly.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires first obtaining the leaked client secret. Once the secret is in hand, no further authentication is needed: the secret alone is sufficient to obtain channel access tokens, and each token is sufficient to broadcast.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 13.6.2 or later

Advisory: https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39732.md (researcher's report; not a vendor-published advisory)

Restart Required: Yes

Instructions:

1. Update Tokueimaru_waiting to version 13.6.2 or later.
2. Restart the application.
3. Rotate the client secret, then revoke every channel access token issued before the rotation. Assume any token an attacker has already obtained stays usable until it is revoked or expires; rotating the secret alone does not cut it off.

🔧 Temporary Workarounds

Restrict Access to Client Secret

Platform: all

Keep the client secret server-side only. It must not appear in client-distributed code (front-end bundles, mobile app resources, HTML), in application logs, or in configuration files readable by anyone other than the service that needs it.

Monitor Broadcast Activity

Platform: all

Implement logging and alerting for unusual broadcast patterns or unauthorized message sends.

🧯 If You Can't Patch

  • Rotate the client secret and revoke all outstanding channel access tokens, then make sure the new secret is not shipped in any client-distributed code.
  • Network isolation of the application server is of limited value here: an attacker who holds the secret or a token sends broadcasts to the messaging platform directly, not through your server.
  • Implement strict monitoring and anomaly detection for broadcast activity (volume, sender, content) so an unauthorized broadcast is caught quickly.

🔍 How to Verify

Check if Vulnerable:

Check whether the Tokueimaru_waiting version is 13.6.1. Review client-distributed code, configuration files and logs for an exposed client secret.

Check Version:

Check the application documentation for how the version is reported; it is typically found in a configuration file or the admin interface.

Verify Fix Applied:

Confirm version is 13.6.2 or later. Verify new client secrets are in use and old ones are invalidated.
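The following scanner is an added example for the verification step above; it is not code from the advisory or from the Tokueimaru_waiting project. It assumes that a LINE channel secret is a 32-character lowercase hex string and that the secret, if leaked, sits on a line that also mentions a secret-like keyword; the file globs and the sample bundle are constructed for illustration. Run it against your front-end build output or any directory that is shipped to clients.

```python
import re
import sys
from pathlib import Path

# Added example, not part of the advisory or the vendor's code.
# Assumption: a LINE channel secret is a 32-character lowercase hex string. The lookarounds
# keep the pattern from matching inside longer hex blobs such as SHA-256 digests.
HEX32 = re.compile(r"(?<![0-9a-fA-F])[0-9a-f]{32}(?![0-9a-fA-F])")
# Require a secret-related keyword on the same line to avoid flagging every MD5 hash or cache key.
KEYWORD = re.compile(r"(channel|client|line)[_\- ]?secret", re.I)
# Assumed: file types that end up in client-distributed bundles or get committed by mistake.
CLIENT_GLOBS = ("*.js", "*.mjs", "*.html", "*.json", "*.env", "*.yml", "*.yaml", "*.txt")


def mask(token):
    """Show only the ends of a candidate so the report itself does not leak the secret."""
    return token[:4] + "..." + token[-4:]


def find_secret_candidates(text):
    """Return [(line_no, masked_value)] for 32-hex strings on lines that mention a secret."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not KEYWORD.search(line):
            continue
        for m in HEX32.finditer(line):
            hits.append((line_no, mask(m.group(0))))
    return hits


def scan_tree(root):
    """Walk a build/output directory and report candidate secrets per file."""
    findings = {}
    for pattern in CLIENT_GLOBS:
        for path in Path(root).rglob(pattern):
            try:
                text = path.read_text(errors="replace")
            except OSError:
                continue
            hits = find_secret_candidates(text)
            if hits:
                findings[str(path)] = hits
    return findings


# Constructed sample: one line mimics a secret embedded in front-end code, one is an
# unrelated MD5 cache key that must not be reported.
SAMPLE_BUNDLE = """\
const API_BASE = "https://example.invalid/api";
const LINE_CHANNEL_SECRET = "0123456789abcdef0123456789abcdef";
const cacheKey = "d41d8cd98f00b204e9800998ecf8427e";
"""

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else None
    results = scan_tree(root) if root else {"<sample>": find_secret_candidates(SAMPLE_BUNDLE)}
    for path, hits in results.items():
        for line_no, masked in hits:
            print(f"{path}:{line_no}: possible channel secret {masked}")
    sys.exit(1 if any(results.values()) else 0)
```

A non-zero exit code makes the script usable as a CI gate on the build artifact: a client bundle that contains a candidate secret fails the pipeline before it is deployed. The keyword requirement trades some recall for far fewer false positives; drop it if you are auditing a small configuration directory by hand.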

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to client secret storage
  • Unexpected broadcast messages from unknown sources

Network Indicators:

  • Unusual outbound traffic patterns from the application server
  • Broadcast messages with suspicious content

SIEM Query:

source="tokueimaru_waiting" AND ((event="broadcast" AND NOT user IN allowed_users) OR (event="secret_access" AND status="unauthorized"))

The field names are illustrative placeholders; map them to your own log schema. The outer parentheses matter: without them AND binds tighter than OR, and the source filter would apply only to the broadcast clause.
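The detection logic above, run over constructed log lines, as an added example that is not part of the advisory. The field names are the same placeholders as in the query, the allowlist principal `svc-waitlist-bot` and the burst threshold (5 broadcasts in 60 s) are assumptions, and the sample log is made up for the demonstration. It also adds the "unusual broadcast pattern" check from the Log Indicators, which the flat query cannot express.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timezone

# Added example, not part of the advisory. Field names (ts, source, event, user, status)
# are the placeholders used in the SIEM query; map them to your real log schema.
SOURCE = "tokueimaru_waiting"
# Assumed allowlist: the only principal that should ever call the broadcast endpoint.
ALLOWED_BROADCASTERS = {"svc-waitlist-bot"}
# Assumed threshold for an "unusual broadcast pattern": 5 broadcasts by one principal in 60 s.
BURST_N, BURST_WINDOW_S = 5, 60

# Constructed sample log (one JSON object per line); not real traffic.
SAMPLE_LOGS = """\
{"ts": "2023-08-01T10:00:00Z", "source": "tokueimaru_waiting", "event": "broadcast", "user": "svc-waitlist-bot", "status": "ok"}
{"ts": "2023-08-01T10:01:00Z", "source": "tokueimaru_waiting", "event": "broadcast", "user": "unknown-token-7f3a", "status": "ok"}
{"ts": "2023-08-01T10:02:00Z", "source": "tokueimaru_waiting", "event": "secret_access", "user": "alice", "status": "unauthorized"}
{"ts": "2023-08-01T10:02:30Z", "source": "other_app", "event": "secret_access", "user": "bob", "status": "unauthorized"}
{"ts": "2023-08-01T10:03:00Z", "source": "tokueimaru_waiting", "event": "secret_access", "user": "svc-waitlist-bot", "status": "ok"}
{"ts": "2023-08-01T10:05:00Z", "source": "tokueimaru_waiting", "event": "broadcast", "user": "svc-waitlist-bot", "status": "ok"}
{"ts": "2023-08-01T10:05:10Z", "source": "tokueimaru_waiting", "event": "broadcast", "user": "svc-waitlist-bot", "status": "ok"}
{"ts": "2023-08-01T10:05:20Z", "source": "tokueimaru_waiting", "event": "broadcast", "user": "svc-waitlist-bot", "status": "ok"}
{"ts": "2023-08-01T10:05:30Z", "source": "tokueimaru_waiting", "event": "broadcast", "user": "svc-waitlist-bot", "status": "ok"}
{"ts": "2023-08-01T10:05:40Z", "source": "tokueimaru_waiting", "event": "broadcast", "user": "svc-waitlist-bot", "status": "ok"}
"""


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def detect(log_text, allowed=ALLOWED_BROADCASTERS, burst_n=BURST_N, window_s=BURST_WINDOW_S):
    """Return [(ts, user, reason)] for events matching the SIEM logic plus a per-user burst rule."""
    alerts = []
    recent = defaultdict(deque)  # user -> timestamps of that user's recent broadcasts
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("source") != SOURCE:  # the source filter applies to BOTH clauses
            continue
        user = ev.get("user")
        if ev.get("event") == "secret_access" and ev.get("status") == "unauthorized":
            alerts.append((ev["ts"], user, "unauthorized access to client secret"))
        if ev.get("event") == "broadcast":
            if user not in allowed:
                alerts.append((ev["ts"], user, "broadcast by non-allowlisted principal"))
            t = parse_ts(ev["ts"])
            q = recent[user]
            q.append(t)
            while (t - q[0]).total_seconds() > window_s:  # drop timestamps outside the window
                q.popleft()
            if len(q) >= burst_n:
                alerts.append((ev["ts"], user, f"{len(q)} broadcasts within {window_s}s"))
    return alerts


if __name__ == "__main__":
    for ts, user, reason in detect(SAMPLE_LOGS):
        print(f"{ts} {user}: {reason}")
```

The `other_app` line is there deliberately: it is an unauthorized secret access, but for a different source, and the corrected precedence keeps it out of the results. The burst rule fires even for the allowlisted bot, which is the case that matters when an attacker uses a stolen token under the legitimate channel identity.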

🔗 References

  • https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39732.md (researcher's report for CVE-2023-39732)