Skip to content

Password in plain text via Debugger / Mapepire #70

Open
Open
Password in plain text via Debugger / Mapepire#70

Description

@legnerbeer
legnerbeer
opened on Jun 25, 2026

Hey guys,
I think I've found a security issue with VSCode.

I was using the debugger for a COBOL pgm. I turned on the debug trace and watched the debug console in VSCode.

Image

My password was displayed in plain text in the debug console. Here is my JSON log:

From client: launch({
   "type":"IBMiDebug",
   "request":"launch",
   "subType":"sep",
   "action":"get_list",
   "name":"Service Entry Point",
   "user":"testuser",
   "password":"MYPASSWORD", #THIS is my Password in plain Text, I changed before i did this Test :) 
   "host":"<SAMPLE_IP>",
   "port":8005,
   "secure":true,
   "ignoreCertificateErrors":false,
   "trace":true,
   "workbenchSettings":{
      "updateProductionFiles":false,
      "enableDebugTracing":false
   },
   "__sessionId":"<SAMPLE_SESSION_ID>"
})
Context Version
Code for IBM i version 3.0.11
Visual Studio Code version 1.125.1
Operating System win32_x64
Active extensions 
CL (vscode-clle): 1.2.6
COBOL (cobol): 26.6.23
COBOL Language Support (cobol-language-support): 2.5.0
Code for IBM i Walkthroughs (vscode-ibmi-walkthroughs): 0.5.0
Configuration Editing (configuration-editing): 10.0.0
Container Tools (vscode-containers): 2.4.5
Db2 for IBM i (vscode-db2i): 2.0.1
Emmet (emmet): 10.0.0
Error Lens (errorlens): 3.28.0
Extension Authoring (extension-editing): 10.0.0
Git (git): 10.0.0
Git Base (git-base): 10.0.0
GitHub (github): 0.0.1
GitHub Authentication (github-authentication): 0.0.2
GitHub Copilot Chat (copilot-chat): 0.53.1
IBM Z Open Editor (zopeneditor): 6.6.0
IBM i Debug (ibmidebug): 3.0.3
IBM i FileSystem (vscode-ibmi-fs): 1.0.4
IBM i Project Explorer (vscode-ibmi-projectexplorer): 2.12.5
IBM i Renderer (vscode-displayfile): 0.1.3
IBM i Testing (vscode-ibmi-testing): 1.3.4
JSON Language Features (json-language-features): 10.0.0
JavaScript and TypeScript Language Features (typescript-language-features): 10.0.0
Merge Conflict (merge-conflict): 10.0.0
Microsoft Account (microsoft-authentication): 0.0.1
NPM support for VS Code (npm): 1.0.1
Node Debug Auto-attach (debug-auto-launch): 10.0.0
Quick Auto-Save (quick-auto-save): 1.0.1
RPGLE (vscode-rpgle): 0.33.8
Server Ready Action (debug-server-ready): 10.0.0
Terminal Suggest for VS Code (terminal-suggest): 1.0.1
Zowe Explorer (vscode-extension-for-zowe): 3.5.1

Not connected 🔌

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions