It's possible to retrive users list with passwords via default community public.
vulners.com/securityvulns/securityvulns:doc:2775