source: https://www.securityfocus.com/bid/13131/info
An insecure default password disclosure vulnerability affects XAMPP. This issue is due to a failure of the application to properly secure access to default passwords.
An attacker may leverage this issue to gain access to the default passwords for many utilities installed by the affected application, including the MySQL 'root' user, the phpMyAdmin 'pma' user, the FTP 'nobody' user and the Tomcat administrator.
http://www.example.com/xampp/security.php