this post was submitted on 08 Aug 2023
4 points (83.3% liked)

Security Operations

578 readers
1 users here now

A place for all things Cyber Security, from questions, rants, and stories, to the latest attacks, vulnerabilities, and zero days.

founded 2 years ago
MODERATORS
L3s
4
Revealing VS Code's Vulnerability: Token Storage is Accessible Across All Extensions (cycode.com)
submitted 2 years ago by L4s to c/secops
1 comments fedilink hide all child comments
 

Revealing VS Code's Vulnerability: Token Storage is Accessible Across All Extensions::This is the full story of the vulnerability we have discovered within Visual Studio Code (VS Code) concerning the handling of secure token storage. While designed for isolated storage for each extension, this vulnerability presents a high-risk “Token Stealing” attack. A malicious extension could expose third-party application tokens “securely stored” by your VS Code IDE, posing significant risks to entire organizations.

top 1 comments
sorted by: hot top controversial new old
[–] [email protected] 2 points 2 years ago

Well, when you buy "Microsoft Security" you get Microsoft security.