Dotnet’s default AES mode is vulnerable to padding oracle attacks

https://pulsesecurity.co.nz/articles/dotnet-padding-oracles

https://github.com/AonCyberLabs/PadBuster