A security misconfiguration occurs when security settings are defined, implemented, maintained, or used improperly, making the system vulnerable. Default credentials are a typical example of such a misconfiguration because attackers can easily exploit these well-known defaults to gain unauthorized access.