Microsoft Visual Studio Code flaw lets extensions steal passwords

Microsoft's Visual Studio Code (VS Code) code editor and development environment contains a flaw that allows malicious extensions to retrieve authentication tokens stored in Windows, Linux, and macOS credential managers. [...]

authentication code credential development editor environment extensions flaw linux macos malicious managers microsoft passwords security steal studio tokens visual studio visual studio code vs code windows