[原文]** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A database service is running, e.g. a SQL server, Oracle, or mySQL."
Multiple SQL Server TCP/IP Listener Information Disclosure
Remote / Network Access
Loss of Confidentiality
Multiple SQL Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to insecure configuration settings of the TCP/IP Listener, which may allow a remote attacker to query the server for sensitive information resulting in a loss of confidentiality.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Restrict connections only to authenticated users.