[Thorpuse]

Rather than a brute-force or dictionary attack through the GUI, there's no easy way to get the password in the clear. CP's password system is basic to say the least - the assumption is that if you're serious about authentication security, you'll outsource auth to a 3rd party (preferably two-factor based) authentication technology.

If I were to speculate, you could possibly try and run a dictionary attack using the authentication in dbedit or an equivalient command line tool. The success or otherwise of this would tell whether going down the path of 3rd-party authentication systems is required... :)

Good luck.