Missing User Warnings
Medium
- Confidence
- 93% confidence
- Finding
- The guide recommends exporting the master password via an environment variable for non-interactive use, but does not warn that environment variables can be exposed through shell history, process inspection, CI job logs, crash dumps, or inherited child processes. Because this password unlocks the local encrypted credential store, exposure would allow an attacker with host or pipeline visibility to recover Prism Central credentials and operate the Nutanix estate.
