It's possible to find a valid password via statistical attacks.
vulners.com/securityvulns/securityvulns:doc:30577