Insane vulnerabilities. The massive mismatches between authentication and authorization scopes are crazy. Encrypting data with "secret" as the key is also a facepalm.
Someone didn't bother reading my carefully prepared memo on commonly-used passwords. Now, then, as I so meticulously pointed out, the four most-used passwords are: love, sex, secret, and...
Ages ago I was tasked with migrating a site for a famous workout instructor. I noticed they stored passwords in plain text. His account, along with a shocking number of user accounts, used just his first name as the password.
So would your holiness care to change her password?
Once upon a time, I ran ypcat passwd and piped it into John the Ripper on the CompSci Linux cluster at one of the University of California campuses. Within 90 seconds, I had amassed passwords of over 40 users, including several lecturers and a tenured professor. The CS IT shop's mistake was running NIS+ rather than something like LDAP + Kerberos.
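As an added illustration of what that ypcat passwd | john run is actually doing (this is my own example code, not anything posted by a commenter or taken from John the Ripper), here is a small audit script that parses passwd-map lines, separates accounts whose hash is exposed in the map from shadowed (`x`) and locked (`*`) ones, and tries the guesses this thread keeps coming back to: the username, the first name from the GECOS field, and the love/sex/secret/god list. Assumptions: the map uses the classic MD5-crypt `$1$` format (traditional DES crypt is not handled), and the usernames, names, salts and hashes in SAMPLE_MAP are all constructed for the demo, not captured from any real system. MD5-crypt is written out inline because Python's crypt module is deprecated and gone in 3.13.

```python
"""Dictionary audit of password hashes exposed in a NIS-style passwd map.

Added example, not code from the thread above. All sample data is constructed.
"""
import hashlib

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def _to64(value: int, count: int) -> str:
    """crypt(3)-style base64: emit `count` chars, low 6 bits first."""
    out = []
    for _ in range(count):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return "".join(out)


def md5crypt(password: str, salt: str) -> str:
    """Classic FreeBSD/Linux MD5-crypt ('$1$salt$hash'), 1000 fixed rounds."""
    pw, magic, sp = password.encode(), b"$1$", salt[:8].encode()
    ctx = hashlib.md5(pw + magic + sp)
    final = hashlib.md5(pw + sp + pw).digest()
    pl = len(pw)
    while pl > 0:  # mix in the inner digest, 16 bytes per 16 password bytes
        ctx.update(final[: min(pl, 16)])
        pl -= 16
    i = len(pw)
    while i:  # one byte per bit of the password length
        ctx.update(b"\0" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for i in range(1000):  # the stretching loop that makes guessing cost something
        ctx1 = hashlib.md5()
        ctx1.update(pw if i & 1 else final)
        if i % 3:
            ctx1.update(sp)
        if i % 7:
            ctx1.update(pw)
        ctx1.update(final if i & 1 else pw)
        final = ctx1.digest()
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        out += _to64((final[a] << 16) | (final[b] << 8) | final[c], 4)
    out += _to64(final[11], 2)
    return "$1$" + sp.decode() + "$" + out


COMMON = ["love", "sex", "secret", "god"]  # the list quoted upthread


def candidates(username: str, gecos: str) -> list:
    """Username, GECOS first name and the usual suspects, with trivial variants."""
    first = gecos.split()[0].lower() if gecos.strip() else ""
    seen, out = set(), []
    for w in [username, first] + COMMON:
        if not w:
            continue
        for v in (w, w.capitalize(), w + "1"):
            if v not in seen:
                seen.add(v)
                out.append(v)
    return out


def audit_passwd_map(lines, wordlist=None) -> dict:
    """Map user -> 'shadowed', 'locked', 'cracked:<pw>', 'uncracked' or 'unsupported-format'."""
    results = {}
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.rstrip("\n").split(":")
        if len(fields) < 7:
            continue
        user, field, gecos = fields[0], fields[1], fields[4]
        if field == "x":
            results[user] = "shadowed"  # hash lives in shadow/passwd.adjunct, not in this map
        elif field == "" or field.startswith(("*", "!")):
            results[user] = "locked"
        elif field.startswith("$1$"):
            salt = field[3:].split("$", 1)[0]
            guesses = candidates(user, gecos) + list(wordlist or [])
            hit = next((g for g in guesses if md5crypt(g, salt) == field), None)
            results[user] = f"cracked:{hit}" if hit else "uncracked"
        else:
            results[user] = "unsupported-format"  # e.g. traditional DES crypt
    return results


# Constructed sample map; hashes are generated here, not captured from a real host.
SAMPLE_MAP = [
    "# constructed ypcat passwd output",
    f"jsmith:{md5crypt('secret', 'Kq3mP2x9')}:1001:100:John Smith:/home/jsmith:/bin/bash",
    f"rwilson:{md5crypt('robert', 'aB4cD5eF')}:1002:100:Robert Wilson:/home/rwilson:/bin/tcsh",
    f"alice:{md5crypt('Tr0ub4dor&3', 'zz99yy88')}:1003:100:Alice Liddell:/home/alice:/bin/bash",
    "bob:x:1004:100:Bob Builder:/home/bob:/bin/bash",
    "svc:*:1005:100:Service Account:/nonexistent:/sbin/nologin",
]

if __name__ == "__main__":
    for user, status in audit_passwd_map(SAMPLE_MAP).items():
        print(f"{user:10} {status}")
```

The `x` and `*` branches are the point of the last sentence in the comment above: once the hash is moved out of the world-readable map (or the directory is behind LDAP + Kerberos), `ypcat passwd` hands an attacker usernames and GECOS names but nothing to crack offline.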