Use Hydra or Medusa with a small user/pass list. Limit to 5 attempts/sec to avoid lockouts.
Look for $cfg['Servers'][$i]['password'] . phpmyadmin hacktricks verified
Use this checklist to verify you’ve successfully exploited or secured phpMyAdmin: Use Hydra or Medusa with a small user/pass list
phpMyAdmin is vulnerable to brute force attacks when weak passwords are used. An attacker can use automated tools to guess the password and gain unauthorized access. phpmyadmin hacktricks verified