Microsoft VS Code Marketplace Faces Supply Chain Risks from Leaked Secrets
Organizations have inadvertently exposed sensitive information across Microsoft Visual Studio Code (VS Code) extension marketplaces, jeopardizing not only their own security but also the integrity of the broader software supply chain. In a recent blog post, cybersecurity firm Wiz revealed findings from its research team that uncovered a troubling pattern of secret leakage among organizations publishing extensions for the popular code editor developed by Microsoft.
Rami McCarthy, principal security researcher at Wiz, initiated an investigation into the VS Code Marketplace earlier this year after discovering attempts by malicious actors to introduce harmful extensions. “While we did end up identifying several interesting malicious extensions, we stumbled on something much more impactful: a scourge of secrets leaking in extension packages,” McCarthy noted in the post.
The Wiz research team also scrutinized the Open VSX Registry, an open-source alternative to the VS Code Marketplace managed by the Eclipse Foundation. In total, the team identified more than 550 validated secrets from numerous extension publishers, many of them credentials for AI services such as OpenAI, Google Gemini, Anthropic, xAI, DeepSeek, Hugging Face, and Perplexity.
Critical Findings and Security Threats
VS Code extensions are packaged as .vsix files, which are ordinary zip archives that anyone can download, unzip, and inspect. McCarthy highlighted that many extension publishers included sensitive information in these packages, either because they did not realize the package contents are public or because they never scanned for hardcoded secrets before submission. The most alarming discoveries were access tokens that grant the ability to publish updates to extensions: Azure DevOps Personal Access Tokens (PATs) for Microsoft's VS Code Marketplace, as well as access tokens for open-vsx.org. More than 130 such tokens were found. Anyone holding one could push a malicious update to an extension under the publisher's name, and because VS Code updates installed extensions automatically by default, that update would reach the extension's existing user base without any further action on their part.
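Because a .vsix is just a zip archive, the pre-publication check the article describes is straightforward to automate. The following scanner is an added example, not code from Wiz, Microsoft, or any extension project. It walks every member of a package, flags files that should never be shipped (such as .env files and private keys) and runs a handful of credential-format patterns over each text member. The patterns, file globs, and the sample package it builds in memory are constructed for this illustration; the AWS key in the sample is the documented placeholder value, and the OpenAI-style key is a made-up string of the right shape. A real pipeline would use a maintained ruleset (gitleaks, trufflehog, or the marketplace's own scanner) rather than this short list.

```python
"""Scan a .vsix package for hardcoded secrets before publishing (added example)."""
import io
import re
import sys
import zipfile
from dataclasses import dataclass
from fnmatch import fnmatch

# Credential formats with a recognisable shape. Constructed for this example;
# a maintained ruleset covers far more providers and formats.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "stripe_live_key": re.compile(r"\bsk_live_[0-9A-Za-z]{24,}\b"),
    "openai_key": re.compile(r"\bsk-(?:proj-)?[A-Za-z0-9_-]{20,}\b"),
}

# Files that have no business inside a published extension, whatever they contain.
# Hypothetical list for this example; extend it for your own projects.
SENSITIVE_FILE_GLOBS = ["*/.env", "*/.env.*", "*.pem", "*/id_rsa", "*/id_ed25519", "*.npmrc"]


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    line: int      # 1-based; 0 for findings about the file name itself
    preview: str   # redacted: a scanner must never log the full secret


def redact(value: str) -> str:
    """Keep a short prefix so the finding is recognisable, mask the rest."""
    return value[:6] + "*" * (len(value) - 6)


def scan_text(path: str, text: str):
    """Yield one Finding per pattern hit, with the line it occurred on."""
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in SECRET_PATTERNS.items():
            for match in pattern.finditer(line):
                yield Finding(rule, path, line_no, redact(match.group(0)))


def scan_vsix(data: bytes) -> list:
    """A .vsix is a plain zip, so zipfile reads it; inspect every member."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if any(fnmatch(info.filename, g) for g in SENSITIVE_FILE_GLOBS):
                findings.append(Finding("sensitive_filename", info.filename, 0, ""))
            raw = zf.read(info)
            try:
                text = raw.decode("utf-8")
            except UnicodeDecodeError:
                continue  # binary member (icons, fonts): no content scan
            findings.extend(scan_text(info.filename, text))
    return findings


def build_sample_vsix() -> bytes:
    """Constructed sample: a minimal extension that ships two secrets it should not."""
    members = {
        "extension.vsixmanifest": "<PackageManifest/>",
        "extension/package.json": '{"name": "demo", "publisher": "example"}',
        "extension/out/extension.js":
            'const client = new S3Client({ accessKeyId: "AKIAIOSFODNN7EXAMPLE" });\n'
            "module.exports = { activate() {} };\n",
        # A .env that was never added to .vscodeignore, so vsce packaged it.
        "extension/.env": "OPENAI_API_KEY=sk-proj-EXAMPLE" + "0" * 25 + "\n",
        "extension/README.md": "# Demo\nNo secrets here.\n",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python scan_vsix.py my-extension.vsix   (no argument scans the sample)
    package = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_vsix()
    results = scan_vsix(package)
    for f in results:
        print(f"{f.rule:20} {f.path}:{f.line} {f.preview}")
    sys.exit(1 if results else 0)  # non-zero exit blocks the publish step in CI
```

Run it as the last step before `vsce publish` or `ovsx publish`. The two findings in the sample package show the two ways secrets usually get in: a credential pasted into source, and a file that belongs in `.vscodeignore` but was never listed there, so the packaging tool bundled it along with everything else in the project directory.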
In one particularly concerning example, Wiz found a VS Code Marketplace PAT that could have been used to push targeted malware to the workforce of a major Chinese corporation valued at $30 billion. McCarthy also observed a notable increase in exposed secrets originating in AI configuration files. Beyond publishing tokens, the researchers uncovered database credentials for platforms such as MongoDB, Postgres, and Supabase, as well as "high-risk" platform secrets for AWS, GitHub, Stripe, Auth0, and Google Cloud Platform (GCP).
Industry Response and Prevention Measures
Leaked secrets have become a growing concern within the information security community, as attackers increasingly target software repositories to extract credentials and sensitive data. McCarthy expressed surprise at the volume of secrets present in the extension marketplaces, suggesting that Microsoft may have been unprepared for such a significant discovery. “Not only was there no evidence of prior scanning, but much of the existing research around VS Code extensions has focused on malware and overlooked this substantial, more critical risk,” he explained.
Wiz reported the leaked secrets to Microsoft in late March and early April and subsequently collaborated with the company on remediation. McCarthy confirmed that all leaked VS Code Marketplace PATs have been revoked. In June, Microsoft introduced new security measures for the VS Code Marketplace, including tooling that lets extension publishers scan their packages for secrets before publication. The company also scanned all existing extensions in the marketplace and pledged to work with affected organizations to republish sanitized packages.
While the Open VSX Registry is implementing a new prefix for its access tokens, it remains unclear whether the Eclipse Foundation has revoked the exposed tokens or taken further steps to prevent future leaks. Attempts to reach the Eclipse Foundation for comment were unsuccessful.
McCarthy advises organizations to prefer the VS Code Marketplace over alternatives when sourcing extensions, because of its more rigorous review process. He also recommends limiting the number of installed VS Code extensions, maintaining an inventory of the integrated development environment (IDE) extensions in use across the organization, and evaluating each extension's trust signals, such as installation counts, reviews, publisher reputation, and other metadata, before installing it.
The implications of these findings underscore the need for heightened vigilance in managing software supply chains, especially as the landscape of cybersecurity continues to evolve.