Enough people have a bad habit of using the same password everywhere to make the prospect of finding a single readable password a key to unlocking an entire system.
The following list is courtesy the people at the Macintosh Underground. It is two years old, so things have changed. Some of the items no longer exist; some new items would otherwise be found.
OSXVNC | Password stored in clear text in Contents/MacOS/passwd |
DynDNS | Stores password in clear text in /Library/Preferences/DNSUpdate/Users. |
Open Firmware Password | nvram -p | grep password | awk '{print $2}' |
System Optimizer X | Stores the clear text OS X admin account password in ~/Library/Preferences/System Optimizer X Preferences and it stays there until someone clicks the 'click the lock to un-authenticate' button in the program. |
PiePants | Password stored in clear text in user's preferences. |
AppleScripts | Password often stored in clear text inside. |
CommuniGate Mail | sudo find /var/Communigate -name account.settings | xargs grep Password |
Tivoli Storage Manager | Password stored in /Library/Preferences/Tivoli\ Storage\ Manager/*.pwd |
CUPS | Windows printer passwords stored in clear text in /etc/cups/printers.conf |
MacCVSClient | Stores login password (if saved in preferences) in MacCVSClient preferences file as clear text. |
Tomcat | Password stored in conf/tomcat-users.xml in clear text. |
Yahoo IM | Base64 encoding in com.yahoo.Messenger.Users.username.plist easily decoded by http://securitystats.com/tools/base64.php. |
AirPort | Base64 encoding in com.apple.nat.plist easily decoded by http://securitystats.com/tools/base64.php. |
CPU Speed Accelerator | Base64 encoding in preference file easily decoded by http://securitystats.com/tools/base64.php. |
YourSQL | Base64 encoding in ~/Library/Preferences/com.magisterludi.YourSQL.plist easily decoded by http://securitystats.com/tools/base64.php. |
Transmit | Base64 encoding in ~/Library/Preferences/com.panic.Transmit.plist easily decoded by http://securitystats.com/tools/base64.php. |
Nicecast | Base64 encoding in ~/Library/Preferences/com.rogueamoeba.Nicecast.plist easily decoded by http://securitystats.com/tools/base64.php. |