.NET Information Disclosure Vulnerability

.NET Information Disclosure Vulnerability

CVE-2016-7270 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure Vulnerability."

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.