Security misconfigurations arise when security settings are not defined, implemented, and default values are maintained. Usually, this means the configuration settings do not comply with the industry security standards (CIS benchmarks, OWASP Top 10 etc) which are critical to maintaining security and reduce business risk. Misconfiguration normally happens when a system or database administrator or developer does not properly configure the security framework of an application, website, desktop, or server leading to dangerous open pathways for hackers.

Source: Outpost