

Insecure Default Configuration

The product initializes or sets a resource with a default configuration that is intended to be changed by an installer, administrator, or maintainer, but the default is not secure. If these insecure defaults remain unchanged, attackers may exploit exposed functionality, bypass security controls, or gain unauthorized access depending on the affected resource.

Remediation

To remediate this vulnerability, systems should be deployed with secure defaults that minimize exposure and restrict unnecessary functionality. Configuration values such as permissions, authentication settings, and network access controls should be explicitly initialized to safe states, and administrators should be required to review and modify security-sensitive defaults during installation or deployment.
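The following is an added illustration, not SecDim's own lab code: a hypothetical C service configuration whose struct, field names and sentinel password are assumptions. It contrasts defaults of the kind CWE-1188 describes with secure defaults, and adds a startup gate that refuses to run until security-sensitive defaults have been reviewed and changed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical service configuration covering the three areas the remediation
 * names: permissions, authentication settings and network access control. */
typedef struct {
    unsigned file_mode;        /* POSIX permission bits for the service's data files */
    bool     auth_required;    /* reject unauthenticated requests */
    char     admin_password[64];
    char     bind_address[16]; /* IPv4 address the listener binds to */
    bool     debug_endpoint;   /* exposes internals; never on in production */
} service_config;

/* Defaults of the kind CWE-1188 describes: everything works out of the box,
 * but only because every security control is switched off. */
void config_init_insecure(service_config *c) {
    c->file_mode = 0666;
    c->auth_required = false;
    snprintf(c->admin_password, sizeof c->admin_password, "%s", "admin");
    snprintf(c->bind_address, sizeof c->bind_address, "%s", "0.0.0.0");
    c->debug_endpoint = true;
}

/* Secure defaults: owner-only files, auth on, loopback only, debug off. The
 * password is a sentinel that validation rejects, so the installer must set one. */
void config_init_secure(service_config *c) {
    c->file_mode = 0600;
    c->auth_required = true;
    snprintf(c->admin_password, sizeof c->admin_password, "%s", "CHANGE-ME");
    snprintf(c->bind_address, sizeof c->bind_address, "%s", "127.0.0.1");
    c->debug_endpoint = false;
}

/* Startup gate: count unsafe or unreviewed settings. Zero means the service
 * may start; anything else should abort deployment with the reasons logged. */
int config_validate(const service_config *c) {
    int findings = 0;
    if (c->file_mode & 0077)                 findings++; /* group/world access */
    if (!c->auth_required)                   findings++;
    if (strcmp(c->admin_password, "CHANGE-ME") == 0 ||
        strlen(c->admin_password) < 12)      findings++; /* sentinel or weak */
    if (strcmp(c->bind_address, "0.0.0.0") == 0 && !c->auth_required)
                                             findings++; /* open to network, no auth */
    if (c->debug_endpoint)                   findings++;
    return findings;
}
```

With the secure defaults alone the gate still reports one finding (the sentinel password), which is the point: shipping safe values is not enough unless deployment also forces review of the settings that must be site-specific.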

Metadata

  • Severity: medium
  • Slug: insecure-default-configuration

CWEs

  • 1188: Insecure Default Initialization of Resource

Available Labs

Open C labs in SecDim Play for this vulnerability.
