CVE-2024-0056 – Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability

https://notcve.org/view.php?id=CVE-2024-0056

09 Jan 2024 — Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability Vulnerabilidad de omisión de característica de seguridad del proveedor de datos SQL de Microsoft.Data.SqlClient y System.Data.SqlClient A vulnerability was found in the .NET Framework. This vulnerability exists in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider where an attackercan perform an AiTM (adversary-in-the-middle) attack between the SQL client and the SQL server. This ... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056 • CWE-319: Cleartext Transmission of Sensitive Information CWE-420: Unprotected Alternate Channel •