HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not properly handle the "@" character in a proxy password, which could allow attackers with physical access to obtain portions of the password when it is displayed to the screen.
http://www.securityfocus.com/bid/14032
http://www.securityfocus.com/advisories/8734