Apple on Monday released Security Update 2010-006, which targets a hole with AFP (Apple Filing Protocol) shared folders on Snow Leopard client systems as well as Snow Leopard Server. Someone with only the knowledge of an account's name could access shared folders without entering a password, Apple said.
Impact: A remote attacker may access AFP shared folders without a valid password
Description: An error handling issue exists in AFP Server. A remote attacker with knowledge of an account name on a target system may bypass the password validation and access AFP shared folders. By default, File Sharing is not enabled. This issue does not affect systems prior to Mac OS X v10.6. Credit to Richard Noll for reporting this issue.