Verify That the MYSQL_PWD Environment Variable is Not in Use

Details

MySQL can read a default database password from an environment variable called MYSQL_PWD. Avoiding use of this environment variable can better safeguard the confidentiality of MySQL credentials.

Rationale:

Using the MYSQL_PWD environment variable implies MySQL credentials are stored as clear text.

Solution

Check which users and/or scripts are setting MYSQL_PWD and change them to use a more secure method.

For unattended logins, consider:

MySQL Configuration Editor

Different authentication methods, e.g. X509 certificate verification

MySQL Enterprise LDAP plugin with Kerberos or SASL tokens
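
To find which users and scripts are setting MYSQL_PWD, the check can be scripted. The following is an added example, not part of the benchmark text; the function names and the list of startup files are assumptions to adapt to the host.

```shell
#!/bin/sh
# Added example (not from the benchmark text): audit a Linux host for MYSQL_PWD.
# Paths below are assumed defaults; adjust them for the host being audited.

# Print the PID of every process whose initial environment has a MYSQL_PWD entry.
# Only the variable name is matched, so the password itself is never printed.
find_mysql_pwd_procs() {
    proc_root="${1:-/proc}"
    for env_file in "$proc_root"/[0-9]*/environ; do
        [ -r "$env_file" ] || continue          # skip unreadable or vanished processes
        # environ is NUL-separated; turn it into one variable per line
        if tr '\0' '\n' < "$env_file" 2>/dev/null | grep -q '^MYSQL_PWD='; then
            pid="${env_file%/environ}"
            echo "${pid##*/}"
        fi
    done
}

# Print "file:line" for each line in the given files that assigns MYSQL_PWD.
find_mysql_pwd_files() {
    for f in "$@"; do
        [ -f "$f" ] && [ -r "$f" ] || continue
        grep -nE '^[[:space:]]*(export[[:space:]]+)?MYSQL_PWD=' "$f" |
            cut -d: -f1 | while read -r n; do echo "$f:$n"; done
    done
}

# Run both checks; return 0 when nothing is found, 1 otherwise.
audit_mysql_pwd() {
    procs=$(find_mysql_pwd_procs /proc)
    files=$(find_mysql_pwd_files /etc/profile /etc/profile.d/*.sh /etc/bash.bashrc \
        /root/.profile /root/.bashrc /home/*/.profile /home/*/.bashrc /home/*/.bash_profile)
    if [ -z "$procs" ] && [ -z "$files" ]; then
        echo "PASS: MYSQL_PWD not found"
        return 0
    fi
    [ -n "$procs" ] && echo "$procs" | sed 's/^/FAIL: MYSQL_PWD in environment of PID /'
    [ -n "$files" ] && echo "$files" | sed 's/^/FAIL: MYSQL_PWD assigned at /'
    return 1
}
```

Run `audit_mysql_pwd` as root so that every process's `environ` file is readable; the `/proc` check only covers processes running at the time of the audit.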

Default Value:

Not set.

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication. This control applies to the following type of system: Unix.


Updated on July 16, 2022