iKees Huijgen discovered that under certain circumstances KDM, an X
session manager for KDE, could be tricked into
allowing user logins without a password.
For the old stable distribution (sarge), this problem was not present.
For the stable distribution (etch), this problem has been fixed in version
4:3.5.5a.dfsg.1-6etch1.
We recommend that you upgrade your kdebase package.