These motherfucking incompetent programmers... Demon spaghetti code base saga continues.

So they have a password change functionality in their web app.

We have to change the length of it for cybersecurity insurance. I found a regex in the front end spaghetti and changed it to match the required length.

Noticed 7 regexes that validate the password input field. Wtf, why not just use one?! REGEX ABUSE! Also, why not just do a string length check, it's fucking easy in JS. I guess regex makes you look smart.

So we test it out and the regexes were only there for vanity, like displaying a nicely designed error that the password doesn't have x amount of characters, doesn't have this and that, etc.

I check the backend ColdFusion mess that this charismatic asshole built. Finally find the method that handles password updates. THERE'S NO BACKEND VALIDATION. It at least sanitises the user input...

What's worse is that I could submit a blank new password and it accepts it. No errors. I can submit a password of "123" and it works.

The button that the user clicks when the password is changed is some random custom HTML element called <btn>, so you can't even disable it.

I really don't enjoy insulting people, but this... If you're one of the idiots who built this shit show and you're reading this, change your career, because you're incompetent and I don't think you should EVER write code again.
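The fix the rant is asking for, as an added example that is not code from the app or the poster: one password-policy function that the server runs on every change request regardless of what the front-end regexes displayed, with the client free to reuse it for error rendering. The minimum and maximum lengths are assumed placeholders, not values from the post.

```javascript
// Added example. Single server-side policy check; the same function can be
// bundled for the front end so error messages stay in sync with enforcement.
const MIN_PASSWORD_LENGTH = 12;  // assumed placeholder; use the insurer's required minimum
const MAX_PASSWORD_LENGTH = 128; // assumed upper bound so the hash routine is not fed huge inputs

// Returns an array of failure reasons; an empty array means the password passes.
function validatePassword(candidate) {
  const errors = [];
  // A JSON body can carry null, a number or an array instead of a string.
  if (typeof candidate !== "string") {
    return ["password must be a string"];
  }
  // Count code points rather than UTF-16 units so multi-byte characters are not over-counted.
  const length = Array.from(candidate).length;
  if (candidate.trim().length === 0) {
    // Covers the blank submission the rant describes, and whitespace-only input.
    errors.push("password must not be blank");
  } else if (length < MIN_PASSWORD_LENGTH) {
    errors.push(`password must be at least ${MIN_PASSWORD_LENGTH} characters`);
  }
  if (length > MAX_PASSWORD_LENGTH) {
    errors.push(`password must be at most ${MAX_PASSWORD_LENGTH} characters`);
  }
  return errors;
}

// Framework-agnostic handler shape: the server re-validates no matter what
// the client-side code did or did not enforce.
function handlePasswordChange(body) {
  const errors = validatePassword(body && body.newPassword);
  if (errors.length > 0) {
    return { status: 400, body: { ok: false, errors } };
  }
  // Hashing and persistence would follow here; out of scope for this example.
  return { status: 200, body: { ok: true } };
}
```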

Comments
  • 2
    Multiple regexes are because of component buildout, where each component checks the input. So 7 components to handle passwords. Just think about that kind of bloat. Long cleanup ahead!
  • 3
    @jestdotty yeah I am baffled at how this thing even passed penetration tests. Pentesters must have also been incompetent. Or bribed.
  • 3
    @max19931 nope, it's vanilla JS, no components so to speak. Plain old ES5 and 6 mixed, with some SCSS and HTML. My one friend didn't believe me when I said this app isn't built with any framework, it's actually a home-brewed pseudo-framework.
  • 1
    Okay...I will...
  • 1
    @dissolvedgirl so technically a custom framework and a shitty one at that.
  • 1
    @max19931 yes, they seem to have reinvented the wheel, but it's a really fucked up wheel.