phpMyAdmin before 2.11.5.1 stores the (1) MySQL username, (2) password, and the (2) Blowfish secret key in plaintext in the /tmp Session file, which allows local users to obtain sensitive information.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1567)