With the latest Lion security update (Mac OS X 10.7.3_ Apple has accidentally turned on a debug log file outside of the encrypted area that stores the user’s password in clear text, reports “ZDNet” (http://macte.ch/YKKPp).
It seems an Apple programmer in inadvertently left a debug flag in the most recent version of Mac OS X, the article adds. In specific configurations, applying OS X 10.7.3 turns on a system-wide debug log file that contains the log-in passwords of every user who has logged in since the update was applied. The passwords are stored in clear text.
Anyone who used FileVault encryption on their Mac prior to Lion, upgraded to Lion, but kept the folders encrypted using the legacy version of FileVault is vulnerable. FileVault 2 (whole disk encryption) is unaffected, notes “ZDNet.”