A5 Security Misconfiguration. Databases configured wrong. Not removing out of the box default
access and settings. Keeping default usernames and passwords. OS, Webserver, DBMS, applications.
etc. not patched and up to date. Unnecessary features are enabled or installed; this could be open
ports, services, pages, accounts, privileges, etc.