Lemmy.World

175,218 readers
7,685 users here now

The World's Internet Frontpage Lemmy.World is a general-purpose Lemmy instance of various topics, for the entire world to use.

Be polite and follow the rules ⚖ https://legal.lemmy.world/tos

Get started

See the Getting Started Guide

Donations 💗

If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.

If you can, please use / switch to Ko-Fi, it has the lowest fees for us

Ko-Fi (Donate)

Bunq (Donate)

Open Collective backers and sponsors

Patreon

Liberapay patrons

GitHub Sponsors

Join the team 😎

Check out our team page to join

Questions / Issues

More Lemmy.World

Follow us for server news 🐘

Mastodon Follow

Chat 🗨

Discord

Matrix

Alternative UIs

Monitoring / Stats 🌐

Service Status 🔥

https://status.lemmy.world

Mozilla HTTP Observatory Grade

Lemmy.World is part of the FediHosting Foundation

founded 2 years ago
ADMINS
ruud
Thekingoflorda
lwadmin
Rooki
AutoMod
kersploosh
MrKaplan
doccod
lwreport
bannanaente
listing: all - local
search
1
4
VS Code's Token Security: Keeping Your Secrets... Not So Secretly - Cycode (cycode.com)
 
 

This is the full story of the vulnerability we have discovered within Visual Studio Code (VS Code) concerning the handling of secure token storage. While designed for isolated storage for each extension, this vulnerability presents a high-risk “Token Stealing” attack. A malicious extension could expose third-party application tokens “securely stored” by your VS Code IDE, posing significant risks to entire organizations.

2
6
VS Code’s Token Security: Keeping Your Secrets… Not So Secretly (cycode.com)
 
 

cross-posted from: https://programming.dev/post/1562654

FYI to all the VS Code peeps out there that malicious extensions can gain access to secrets stored by other VS Code extensions as well as the tokens used by VS Code for Microsoft/Github.

I really don’t understand how Microsoft’s official stance on this is that this is working as intended…

If you weren’t already, be very careful about which extensions you are installing.

3
8
VS Code’s Token Security: Keeping Your Secrets… Not So Secretly (cycode.com)
 
 

cross-posted from: https://programming.dev/post/1562654

FYI to all the VS Code peeps out there that malicious extensions can gain access to secrets stored by other VS Code extensions as well as the tokens used by VS Code for Microsoft/Github.

I really don’t understand how Microsoft’s official stance on this is that this is working as intended…

If you weren’t already, be very careful about which extensions you are installing.

4
60
VS Code’s Token Security: Keeping Your Secrets… Not So Secretly (cycode.com)
 
 

FYI to all the VS Code peeps out there that malicious extensions can gain access to secrets stored by other VS Code extensions as well as the tokens used by VS Code for Microsoft/Github.

I really don’t understand how Microsoft’s official stance on this is that this is working as intended…

If you weren’t already, be very careful about which extensions you are installing.

5
64
VS Code’s Token Security: Keeping Your Secrets… Not So Secretly (cycode.com)
 
 

FYI to all the VS Code peeps out there that malicious extensions can gain access to secrets stored by other VS Code extensions as well as the tokens used by VS Code for Microsoft/Github.

I really don't understand how Microsoft's official stance on this is that this is working as intended...

If you weren't already, be very careful about which extensions you are installing.

6
2
Revealing VS Code's Vulnerability: Token Storage is Accessible Across All Extensions (cycode.com)
submitted 2 years ago by repostbot33 to c/netsec
0 comments fedilink
7
4
Revealing VS Code's Vulnerability: Token Storage is Accessible Across All Extensions (cycode.com)
submitted 2 years ago by L4s to c/secops
1 comments fedilink
 
 

Revealing VS Code's Vulnerability: Token Storage is Accessible Across All Extensions::This is the full story of the vulnerability we have discovered within Visual Studio Code (VS Code) concerning the handling of secure token storage. While designed for isolated storage for each extension, this vulnerability presents a high-risk “Token Stealing” attack. A malicious extension could expose third-party application tokens “securely stored” by your VS Code IDE, posing significant risks to entire organizations.

view more: next ›