Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed were longer.

More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3617)