So if you applied the Lion Apple update 10.7.3 it turns on a system-wide debug log file that has the login passwords of all the users who have logged in since the update was applied and the worst part about all of this is that it is placed in clear text. Also if you used FileVault encryption software on the Mac before Lion but then upgraded but kept the folders encrypted by using the legacy version of FileVault is also vulnerable to this password issue. If you have FileVault 2 (whole disk encryption) is unaffected.
Security researcher David Emery was the one who found this flaw and posted all of his findings to the Cryptome mailing list. Although the bug has seen not been fixed, Emery goes into detail on how sever this issue actually is:
?This is worse than it seems, since the log in question can also be read by booting the machine into firewire disk mode and reading it by opening the drive as a disk or by booting the new-with-LION recovery partition and using the available super user shell to mount the main file system partition and read the file. This would allow someone to break into encrypted partitions on machines they did not have any idea of any login passwords for.?
If you use Time Machine backups to external drives. If this drive was stolen it will contain the log file with the passwords.
Now this update was put into effect back in February 1st of this year so this problem has been around three months now and with this being out in the open no mac is safe.