This doesn’t look good at all, unless you are a hacker creating a password dictionary to use in attacks.
Firstly, passwords should not be exposed in the DB. If you are doing this, stop right now! NOT SAFE. You should encrypt it. Anf if you encrypt it, this approach won’t work. Unless we add some loops in DQL.
e.g “For each node, try this password and count”. But that would be unethical, as you are brute forcing your database with your users data…