Looks like there might be a security flaw that lets people log in with the username root and a blank password if they attempt several times quickly.