OS X Lion vulnerability may reveal passwords to anyone
According to the security blog Defense in Depth, a new flaw has been found in OS X Lion that could let someone with access to your system view or change your administrator password.
What is more, this OS X hole can be exploited even by non-root users, who are able to view password hash data, which enables them to use a simple Python script to encode the user's password. It gets worse: Lion doesn’t require a password in order to change the password of the current user. This means that typing a simple command is enough to change the user's administrative password.
However, this security issue can be exploited only if a user has direct access to the Mac and has Directory Service access. To prevent the problem, make sure you have disabled automatic log-in, enabled sleep and screensaver passwords, and disabled guest accounts. This will help you secure your Mac.
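
An added example, not taken from the article or from the Defense in Depth post: a shell audit of the three mitigations above, to be run as the logged-in user on the Mac. The preference domains and keys it reads (`autoLoginUser`, `GuestEnabled`, `askForPassword`) are assumptions about where this OS X release stores those settings.

```shell
#!/bin/sh
# Audit the three mitigations: automatic log-in off, guest account off,
# password required after sleep/screensaver.
# Assumption: these preference domains and keys hold the settings on this release.

LOGINWINDOW=/Library/Preferences/com.apple.loginwindow

# read_pref DOMAIN KEY -> prints the value, or nothing if the key is unset
read_pref() {
    defaults read "$1" "$2" 2>/dev/null || true
}

check_autologin() {
    user=$(read_pref "$LOGINWINDOW" autoLoginUser)
    if [ -n "$user" ]; then
        echo "FAIL automatic log-in is enabled for '$user'"
        return 1
    fi
    echo "OK   automatic log-in is disabled"
}

check_guest() {
    val=$(read_pref "$LOGINWINDOW" GuestEnabled)
    case "$val" in
        1|true|YES) echo "FAIL guest account is enabled"; return 1 ;;
    esac
    echo "OK   guest account is disabled"
}

check_screen_lock() {
    # One setting covers both sleep and screensaver; unset counts as a failure.
    val=$(read_pref com.apple.screensaver askForPassword)
    if [ "$val" != "1" ]; then
        echo "FAIL no password required after sleep or screensaver"
        return 1
    fi
    echo "OK   password required after sleep or screensaver"
}

# Runs every check; the exit status is the number of failed checks.
audit_mac() {
    failures=0
    check_autologin   || failures=$((failures + 1))
    check_guest       || failures=$((failures + 1))
    check_screen_lock || failures=$((failures + 1))
    echo "$failures check(s) failed"
    return "$failures"
}
```

Call `audit_mac` after sourcing the file; a non-zero status means at least one of the three settings still needs changing.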