CVE-2008-1567 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1567): phpMyAdmin before 2.11.5.1 stores the (1) MySQL username, (2) password, and the (2) Blowfish secret key in plaintext in the /tmp Session file, which allows local users to obtain sensitive information.
*** This bug has been marked as a duplicate of bug 215502 ***