When displaying Security Overview admin report, Moodle shows the following "Critical" message when the Student capability moodle/site:mnetlogintoremote is enabled:
Site default course role Critical Incorrectly defined default course role "Student" detected!
The error message is either misleading and too severe since the capability is needed by any students in a Moodle Networked environment.
Also, the related message
XSS trusted users Warning RISK_XSS - found 1 users that have to be trusted.
is generated by the same capability set to on.