I have a feeling the next OWASP Top 10 will see misconfiguration moved from position 6 to 1.

As a side note, "Due a to a misconfigured server, a researcher found a constant stream of Elsevier users’ passwords."

https://motherboard.vice.com/en_us/article/vbw8b9/elsevier-user-passwords-exposed-online

It should not have been exposed. It should not be logging passwords.
a couple of bit "configuration errors" here.

#CoSoSec