Sometimes it’s amazing what makes it through countless beta versions of operating systems to the final product. In the case of macOS 10.13 High Sierra, developer Matheus Mariano discovered a surprisingly bad vulnerability that displays the password of an encrypted APFS container.
In a video, Mariano shows how the vulnerability works: you create a new encrypted APFS container in Disk Utility on a Mac with an SSD, enter and verify the password, and add a password hint. After unmounting and re-mounting the container, the password dialog displays the actual password in the “Hint” field. Whoops!
Mariano notes that he has already (as of September 27) reported this to Apple. It’s quite likely that macOS 10.13.1 will be heading our way soon with a fix.