A program written by people, now departed, who obviously had no clue.
More seriously, a legacy application is essentially one that (to leverage from writings by Brodie and Stonebraker) resists the reflection of ongoing requirements change. There are many reasons for this happening, but one of the major ones is architectural petrification, wherein successive waves of hacking leave layer upon layer of implicit architecture on top of a submerged legitimate architecture. The intellectual capacity of developers to unravel these layers is progressively stretched further and further until, eventually, the code is in control. This leads, then, to human petrification, where developers are terrified of making code changes lest unexpected side effects result, hence the resistance to requirements change. -- AnthonyLauder
I would perhaps define a legacy application as one that no longer has active development being done at the front end of the software development life cycle - it's just getting bug fixes. It also may use deprecated protocols, but there is not necessarily bad code in it. --PeteHardie
See: BrownfieldApplication, GreenfieldApplication, LegacyStamp