For local communication Microsoft Visual Studio Code often uses TCP sockets (bound to localhost) even though UNIX sockets are available. What's more, old versions used to pass the authentication token as a command-line argument, exposing it to all users on the system.
I wonder how many other security disasters it contains that nobody has discovered yet.
No comments yet.