CIS MySQL 5.7 Enterprise Linux OS L1 V1.0.0

Do Not Specify Passwords in Command Line – History

Details

If the password is visible in the process list or user’s shell/command history, an attacker will be able to access the MySQL database using the stolen credentials.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Use -p without a password and enter the password when prompted, use a properly secured .my.cnf file, or store authentication information in encrypted format in .mylogin.cnf.

Impact: Depending on the remediation chosen, additional steps may be needed, such as: entering a password when prompted; ensuring the file permissions on .my.cnf are restricted yet the file remains accessible by the user; using mysql_config_editor to encrypt the authentication credentials in .mylogin.cnf. Additionally, not all scripts/applications may be able to use .mylogin.cnf.
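One way to audit for this control by hand, added here as an example and not taken from the benchmark or from Nessus: the first helper reports which lines of a shell history file carry a MySQL client password inline (printing line numbers only, so the audit output does not repeat the secret), and the second checks that an option file grants nothing to group or other. The function names, the sample history and the sample passwords are constructed for illustration; GNU grep and GNU stat, as shipped on Enterprise Linux, are assumed.

```shell
#!/bin/sh
# Added example: audit helpers for this control. All sample data is constructed.

# ERE for a MySQL client invocation with an inline password: "-pVALUE" or
# "--password=VALUE". A bare "-p" or "--password" (prompt) does not match.
MYSQL_INLINE_PW='(^|[[:space:];|&/])(mysql|mysqladmin|mysqldump)([[:space:]].*)?[[:space:]](-p|--password=)[^[:space:]]+'

# Print the line numbers in a history file that contain an inline password.
# Only line numbers are printed, never the matching command line itself.
inline_pw_lines() {
    grep -nE "$MYSQL_INLINE_PW" "$1" | cut -d: -f1 | tr '\n' ' ' | sed 's/ $//'
}

# Succeed only if an option file grants no group/other permissions
# (for example mode 600 or 400). Returns 2 if the file cannot be read by stat.
cnf_is_private() {
    mode=$(stat -c %a "$1") || return 2
    case "$mode" in
        [0-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}

# Constructed sample: a history file and an option file in a temp directory.
# Prints the directory path.
make_sample() {
    dir=$(mktemp -d)
    cat > "$dir/history" <<'EOF'
mysql -u app -p
mysql -u app -pExamplePw1 appdb
mysqldump --user=app --password=ExamplePw2 appdb > dump.sql
mysql --port=3306 -u app --password
ls -l /var/lib/mysql
EOF
    printf '[client]\nuser=app\npassword=ExamplePw3\n' > "$dir/my.cnf"
    chmod 644 "$dir/my.cnf"
    echo "$dir"
}
```

Against a real account, point `inline_pw_lines` at the user's history file (for example `~/.bash_history`) and `cnf_is_private` at `~/.my.cnf`; any password that turns up in history should be treated as exposed and rotated.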

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication. This control applies to the following type of system: Unix.

Updated on July 16, 2022