AntiPattern
Missing Guardrails In Defaults
unsafe-security-defaults-scope-bleed
Default configuration choices silently expand scope or weaken security—allowing all source IPs, using unauthenticated AES-CBC by default, or assuming per-connection state works—so mitigations must explicitly constrain inputs and add required integrity checks/IV handling.