Once logged in, the real fun begins.
In older versions, a vulnerability existed where /etc/phpmyadmin/htpasswd.setup could be read or bypassed. Modern attacks focus on brute-force. phpmyadmin hacktricks
7.1. Network-Level Controls