Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- The guide recommends placing the master password in an environment variable for unattended use but does not warn that environment variables can be exposed through process listings, child-process inheritance, shell history, CI job logs, crash reports, or misconfigured observability tooling. Because this password unlocks the encrypted credential store for monitoring targets, compromise of the variable can expose Orion credentials or PRTG API tokens and enable unauthorized monitoring actions, including governed writes.
