...
MSC18-EX0: Applications such as password managers may need to retrieve the original password in order to enter it into a third-party application. Although this violates the rule, it poses less of a risk because each password is stored with the particular user's permission. The first important difference here is that the password manager is accessed by a single user. The second important difference is that the program will always have the user's permission to store their passwords in this way. Therefore, provided the user is competent, the program's operation will be safe.
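One way a password manager covered by this exception might keep retrievable passwords, shown as an added example that is not part of the original guideline: each entry is encrypted with AES-GCM under a key derived from the user's master password, so only that single user can recover it. The class name VaultEntry, the PBKDF2 iteration count, and the sample strings are assumptions made for illustration.

```java
import java.nio.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

// Added illustration: VaultEntry and its members are hypothetical names.
public final class VaultEntry {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int ITERATIONS = 600_000; // assumed PBKDF2 work factor
    private final byte[] salt = new byte[16], nonce = new byte[12], ciphertext;

    // Encrypt one stored password under a key derived from the user's master password.
    VaultEntry(char[] master, char[] sitePassword) throws GeneralSecurityException {
        RNG.nextBytes(salt);   // fresh salt, and therefore a fresh key, per entry
        RNG.nextBytes(nonce);
        ByteBuffer bb = StandardCharsets.UTF_8.encode(CharBuffer.wrap(sitePassword));
        byte[] plain = new byte[bb.remaining()];
        bb.get(plain);
        ciphertext = crypt(Cipher.ENCRYPT_MODE, master, plain);
    }

    // Recover the original password; a wrong master password fails the GCM tag check.
    char[] reveal(char[] master) throws GeneralSecurityException {
        byte[] plain = crypt(Cipher.DECRYPT_MODE, master, ciphertext);
        CharBuffer cb = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(plain));
        char[] out = new char[cb.remaining()];
        cb.get(out);
        return out;
    }

    private byte[] crypt(int mode, char[] master, byte[] in) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(master, salt, ITERATIONS, 256);
        byte[] key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, nonce));
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        char[] master = "constructed master passphrase".toCharArray(); // constructed sample
        VaultEntry entry = new VaultEntry(master, "constructed-site-pw".toCharArray());
        System.out.println("recovered: " + new String(entry.reveal(master)));
        try { entry.reveal("not the master".toCharArray()); }
        catch (AEADBadTagException e) { System.out.println("wrong master password rejected"); }
    }
}
```

The master password itself is never stored in this sketch; it exists only as the input to the key derivation.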
Risk Assessment
Violations of this rule have to be detected manually because they are a consequence of the overall design of the password-storing mechanism. A violation is fairly unlikely, since it will occur around once or twice in a program that uses passwords. As demonstrated above, almost all violations of this rule have a clear exploit associated with them.
...