.NET Information Disclosure Vulnerability
CVE-2016-7270 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure Vulnerability."
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.