Over the last few days I have read about a security flaw that many sites and blogs are reporting, that Scott Guthrie originally posted. In fact, I am quite surprised that it has gotten so much attention; usually these things go a bit unnoticed.
That attention prompted me to check out the default Kentico installation and see what the settings are in the web.config file, to see if the default installation was at risk.
Sure enough, the default installation looks like this (ASP.NET 4):