Snowflake · Snowflake-Connector-Net · CVE-2023-51662
**Name of the Vulnerable Software and Affected Versions**
Snowflake Connector .NET versions 2.0.25 through 2.1.4
**Description**
The issue stems from errors in the certificate authentication procedure, which may allow a remote attacker to perform a Man-in-the-Middle (MitM) attack. The vulnerability is difficult to exploit: it requires access to the private key of a correctly issued Snowflake certificate and the ability to intercept network traffic. At the time of this advisory's publication, Snowflake is not aware of any compromise of its certificates or of unauthorized issuance of such certificates by any publicly trusted Certificate Authority (CA).
**Recommendations**
For versions 2.0.25 through 2.1.4, update to version 2.1.5 to fix the issue.
As a temporary workaround for versions 2.0.25 through 2.1.4, consider setting the `insecureMode` flag to true to minimize the risk of exploitation.
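
To find projects that still reference an affected release, the following added example (not part of the original advisory or of Snowflake's code) scans a .NET project file or `packages.config` for the connector and classifies the pinned version against the range above. It assumes the connector's NuGet package id is `Snowflake.Data`, which the advisory does not state; the sample project file is constructed.

```python
import re
import xml.etree.ElementTree as ET

PACKAGE = "snowflake.data"            # assumed NuGet package id; not named in the advisory
FIRST_BAD, LAST_BAD = (2, 0, 25), (2, 1, 4)   # affected range from the advisory

def parse_version(text):
    """Return (major, minor, patch), or None for floating or range versions."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:\.\d+)?(?:[-+][\w.+-]+)?", (text or "").strip())
    return tuple(map(int, m.groups())) if m else None

def classify(text):
    version = parse_version(text)
    if version is None:
        return "unresolved"           # e.g. "2.*" or "[2.0,3.0)": check the lock file
    return "affected" if FIRST_BAD <= version <= LAST_BAD else "not affected"

def local(tag):
    return tag.rsplit("}", 1)[-1]     # strip an XML namespace, if any

def audit(project_xml):
    """Return [(version_text, status)] for each connector reference found."""
    findings = []
    for el in ET.fromstring(project_xml).iter():
        if local(el.tag) == "PackageReference":      # SDK-style .csproj
            name = el.get("Include") or el.get("Update")
            version = el.get("Version") or next(
                (c.text for c in el if local(c.tag) == "Version"), None)
        elif local(el.tag) == "package":             # legacy packages.config
            name, version = el.get("id"), el.get("version")
        else:
            continue
        if (name or "").lower() == PACKAGE:
            findings.append((version, classify(version)))
    return findings

# Constructed sample project file, not taken from a real repository.
SAMPLE = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Snowflake.Data" Version="2.1.3" />
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
  </ItemGroup>
</Project>"""

if __name__ == "__main__":
    for version, status in audit(SAMPLE):
        print(f"Snowflake.Data {version}: {status}")
```

An "unresolved" result means the project file does not pin an exact version, so the resolved version has to be read from the lock file or the restore output instead.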