Aspnet_regiis

An attacker with Microsoft IIS web server access can decrypt and dump hardcoded connection strings, such as MSSQL service account passwords, using the aspnet_regiis utility, potentially leading to credential compromise.