Skip to content
DevMeme
6908 of 7435
Legendary Stack Overflow Post About Incompetent Security Auditor Demanding Plaintext Passwords
Security Post #7571, on Dec 22, 2025 in TG

Legendary Stack Overflow Post About Incompetent Security Auditor Demanding Plaintext Passwords

Description

A screenshot of the famous Stack Overflow question titled 'Our security auditor is an idiot. How do I give him the information he wants?' with 2507 upvotes, asked 14 years 5 months ago, modified 4 years 2 months ago, and viewed 562k times. The question describes a security auditor who demanded within two weeks: a list of current usernames and plain-text passwords for all user accounts on all servers, a list of all password changes for the past six months in plain-text, a list of every file added to the server from remote devices in the past six months, the public and private keys of any SSH keys, and an email sent to him every time a user changes their password containing the plain text password. The right sidebar shows 'The Overflow' blog links and 'Featured on Meta' section. This is one of the most legendary posts in Stack Overflow history, showcasing a security auditor who fundamentally misunderstands security

Comments

9
Anonymous ★ Top Pick The auditor's next request: 'Also, please print out the firewall rules and tape them to the front door for easy reference.'
  1. Anonymous ★ Top Pick

    The auditor's next request: 'Also, please print out the firewall rules and tape them to the front door for easy reference.'

  2. @mrYakov 6mo

    social engineering in action

  3. @anchorwave 6mo

    https://serverfault.com/questions/293217/our-security-auditor-is-an-idiot-how-do-i-give-him-the-information-he-wants

    1. @mordegaard 6mo

      Absolute cinema email thread

  4. @ulanov_show 6mo

    Serve him a public page with all requested info for readability and comfort)

    1. @M_Ali_S_S 6mo

      Brother I hope you don't take this as an insult but you kinda look like a white snoop dogg

  5. @Algoinde 6mo

    "No information will be provided. In light of this, I believe I have passed your social engineering audit".

  6. @tema3210 6mo

    - Nice try, leatherman

  7. @SwedishSock 6mo

    If a security auditor asked me for these details I would assume he's a scammer trying to phish account details from me. I wojldn't even reply, I'd show it to my boss, haha

Use J and K for navigation