It was reported  that accountsservice invokes usermod with the -p parameter when calling SetPassword(), which can leak encrypted passwords locally (being that they are briefly visible via ps).
As noted in the upstream bug:
The relevant code is in src/user.c in the user_change_password_authorized_cb() function:
argv = "/usr/sbin/usermod";
argv = "-p";
argv = strings;
argv = "--";
argv = user->user_name;
argv = NULL;
strings has been set to the crypted password in user_set_password(). The crypted password has been passed from the client (ie: gnome-control-center).
This has not yet been corrected upstream.
Created accountsservice tracking bugs for this issue:
Affects: fedora-all [bug 1130543]
This was assigned CVE-2012-6655: