Acces with empty password is possible if NTLM authentication is configured.
vulners.com/securityvulns/securityvulns:doc:14892