Over three months ago, a flaw was posted on Apple's Support Communities forum that stored password in OS X Lion were in clear text. The flaw was discovered by users who upgraded from OS X Snow Leopard to Lion.

CNET's Emil Protalinski also reported the flaw.

"Anyone who used FileVault encryption on their Mac prior to Lion, upgraded to Lion, but kept the folders encrypted using the legacy version of FileVault is vulnerable. FileVault 2 (whole disk encryption) is unaffected," he wrote.

The flaw was originally published in the Cryptome mailing list.

"This is worse than it seems, since the log in questions can also be read by booting the machine into firewire disk mode and reading it by opening the drive as a disk or by booting with the new-with-LION recovery partition and using the available superuser shell to mount the main file system partition and read the file. This would allow someone to break into encrypted partitions on machines they did not have any idea of login passwords for," security researcher David Emery wrote on the mailing list.

Anyone with administrative or root access can grab the details from an encrypted home directory tree. A person with access to the information would then be able to access anything meant to be protected by a username and password. Businesses also rely on FileVault because it stores encrypted data, but this could be a major concern.

The exploit also applies Time Machine backups to external hard drives, so huge amounts of data could be accessible.

The 10.7.3 build of OS X Lion has been available since February 1, 2012, so that's potentially months of unencrypted data. However, the log file is only kept by default for a few weeks so potentially three months of access won't be available.

There are two ways, however, to reduce the threat: using FileVault 2 means an attacker would need to know at least one password before files on the main partition of the disk could be accessed. A firmware password could also be set to boot the recovery partition, external media or enter the FireWire disk. Emery said that Apple Geniuses know of a way to turn it off.

Other recommended methods to tackle the problem are to change passwords, or checking to see if a legacy version of FileVault is being used by navigating to "Security & Preferences" which will show a prompt, or disable FileVault.

Apple has not commented on the flaw, or if and when an update will arrive.

(reported by Jonathan Charles, edited by Dave Clark)