PT-2023-8999 · Snowflake · Snowflake-Connector-Net

Timovink · Published 2023-12-18 · Updated 2024-01-03 · CVE-2023-51662

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Snowflake Connector .NET versions 2.0.25 through 2.1.4

Description

The issue is related to errors in the certificate authentication procedure, which may allow a remote attacker to perform a Man-in-the-Middle (MitM) attack. The vulnerability is difficult to exploit, as it requires access to the private key of a correctly issued Snowflake certificate and the ability to intercept network traffic. At the time of this advisory's publication, Snowflake is not aware of any compromise of its certificates or unauthorized issuance of such by any publicly trusted Certificate Authority (CA).

Recommendations

For versions 2.0.25 through 2.1.4, update to version 2.1.5 to fix the issue. As a temporary workaround for versions 2.0.25 through 2.1.4, consider setting the insecureMode flag to true to minimize the risk of exploitation.
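To find projects that still reference a connector version in the affected range, the added example below (not part of the advisory and not Snowflake's code) scans a .csproj file for the connector's PackageReference and classifies the pinned version against 2.0.25 through 2.1.4. It assumes the NuGet package id `Snowflake.Data`; the sample project file is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Affected range and fixed version as stated in the advisory.
AFFECTED_MIN, AFFECTED_MAX, FIXED = (2, 0, 25), (2, 1, 4), "2.1.5"
PACKAGE_ID = "Snowflake.Data"  # assumption: NuGet package id of the connector

# Constructed sample project file, not taken from any real repository.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Snowflake.Data" Version="2.1.3" />
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
  </ItemGroup>
</Project>"""

def parse_version(text):
    """Return (major, minor, patch), or None for floating, range or prerelease specs."""
    parts = text.strip().split("+", 1)[0].split(".")  # drop build metadata
    if len(parts) > 4 or not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def classify(version_text):
    """Classify one version string against the advisory's inclusive range."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # cannot be pinned; needs manual review
    return "affected" if AFFECTED_MIN <= v <= AFFECTED_MAX else "outside range"

def local(tag):
    """Strip an XML namespace prefix such as '{ns}PackageReference'."""
    return tag.rsplit("}", 1)[-1]

def audit_csproj(xml_text):
    """Return [(version, verdict)] for each reference to the connector package."""
    results = []
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "PackageReference":
            continue
        if (elem.get("Include") or "").lower() != PACKAGE_ID.lower():
            continue
        version = elem.get("Version")
        if version is None:  # version given as a child element, or managed centrally
            child = next((c for c in elem if local(c.tag) == "Version"), None)
            version = (child.text or "") if child is not None else ""
        results.append((version, classify(version)))
    return results

if __name__ == "__main__":
    for version, verdict in audit_csproj(SAMPLE_CSPROJ):
        print(f"{PACKAGE_ID} {version or '(no version)'}: {verdict}; fixed in {FIXED}")
```

A verdict of "unknown" covers floating versions, version ranges, prereleases and centrally managed versions, which have to be resolved from the lock file or restore output instead.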

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

BDU:2024-02909
CVE-2023-51662
GHSA-HWCC-4CV8-CF3H

Affected Products

Snowflake-Connector-Net