One of our servers had a database with quite a lot of ftp users using there username as there password. To get rid of that problem i did the following. Make sure to backup you databases first. Now find out how many users there are with userid=passwd.

This select will show you which users have a userid field equal to the passwd field not a good idea.

select * from ftpuser where userid=passwd;

This update statement will update all of these users and set a random MD5 string as there password.

update ftpuser set passwd=MD5(RAND()) where userid=passwd;

This will only work with clear text passwords.