Information leak in dsimportexport for Apple Macintosh OS X Server 10.2.6 allows local users to obtain the username and password of the account running the tool.
https://exchange.xforce.ibmcloud.com/vulnerabilities/12342
http://www.securityfocus.com/bid/7894
http://www.kb.cert.org/vuls/id/JPLA-5NTL8E