[原文]The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords.
Apple Mac OS X SecurityInterface Password Assistant Recently-suggested Password Disclosure
Local Access Required
Loss of Confidentiality
Mac OS X contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to previously suggested plaintext passwords when using Password Assistant while adding muliple accounts, which may lead to a loss of confidentiality.
Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.