Revealing VS Code’s Vulnerability: Token Storage is Accessible Across All Extensions::This is the full story of the vulnerability we have discovered within Visual Studio Code (VS Code) concerning the handling of secure token storage. While designed for isolated storage for each extension, this vulnerability presents a high-risk “Token Stealing” attack. A malicious extension could expose third-party application tokens “securely stored” by your VS Code IDE, posing significant risks to entire organizations.

  • Treczoks
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Well, when you buy “Microsoft Security” you get Microsoft security.