Configuration Vulnerabilities

Configuration vulnerabilities can be exploited through certain default settings that come with applications. This can easily happen when an attacker has access to a copy of the same application that you are running. An example of a configuration vulnerability is when an application comes with a default username and password. Once an attacker finds those out, then he/she can pretty much do anything with your application that he/she wants. The following is an article regarding configuration vulnerabilities in ASP.NET: http://www.troyhunt.com/2012/04/67-of-aspnet-websites-have-serious.html.