The researcher discovered that the .bash_history on this server had improper permissions, which allowed public viewing of the files. When a DB admin eventually executed a command involving clear text credentials for the database, this exposed the password for that database (a Kayako DB used for support).
Razerβs summary explains the report well.