The host is installed with Mac OS X 10.8.x before 10.8.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to create password hash only when mobile account is used as an external account. Successful exploitation could allow attackers to obtain a mobile accounts password.