The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.