Details
MySQL can read a default database password from an environment variable called MYSQL_PWD.
Rationale:
Use of the MYSQL_PWD environment variable implies MySQL credentials are stored as clear text. Avoiding use of this environment variable may increase assurance that the confidentiality of MySQL credentials is preserved.
Solution
Check which users and/or scripts are setting MYSQL_PWD and change them to use a more secure method.
Default Value:
Not set.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Unix.