Default configurations of systems, including operating systems and web servers, are mostly created to demonstrate and highlight their basic or most relevant features, not to be secure
or protect them from attacks.
Some common default configurations that may compromise the security are the default administrator accounts that are created when the database, web server, or CMS was installed and the default administration pages and error messages with stack traces, among many others.
In this recipe, we will cover the fifth most critical vulnerability in the OWASP top 10:
Security Misconfiguration.
