CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords.
Gentoo Linux Security Advisory GLSA 200410-06 - CUPS leaks information about user names and passwords when using remote printing to SMB-shared printers which require authentication.