Reported by Matheus Mariano, a Brazilian software developer, the vulnerability affects encrypted volumes using APFS wherein the password hint section is showing the actual password in the plain text.
Yes, you got that right—your Mac mistakenly reveals the actual password instead of the password hint.
In September, Apple released macOS High Sierra 10.13 with APFS (Apple File System) as the default file system for solid-state drives (SSDs) and other all-flash storage devices, promising strong encryption and better performance.
So, whenever the new volume is mounted, macOS asks the user to enter the password.
However, Mariano noticed that when he clicked the “Show Hint” button, he was served with his actual password in the plain text rather than the password hint.
It should be noted that just installing the update would not solve the APFS password disclosure issue. Apple has published a user guide on the password disclosure bug, which you should follow to protect your data.