Key vulnerability information

1. Vulnerability name - Exposure of secret in otakara lapis totuka
2. Affected product - otakara lapis totuka
3. Affected version - v13.6.1
4. Vulnerability type - Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)
5. Vulnerability description - The mini-app 'otakara lapis totuka' on Line exposes a critical credential, the 'channel access token', to the client side, enabling remote attackers to obtain the token. This channel access token is responsible for securing the communication channel within Line and can be exploited to broadcast malicious messages.
6. Attack vector - The exploit requires only that the client has Line installed and opens the mini-app 'otakara lapis totuka' on Line. The response to the following request contains the critical credential, the channel access token: www.l-members.me/miniapp/members_card