The remote host is missing an update to kdebase announced via advisory DSA 1376-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201376-1

iKees Huijgen discovered that under certain circumstances KDM, an X session manage for KDE, it is possible for KDM to be tricked into allowing user logins without a password. For the stable distribution (etch), this problem has been fixed in version 4:3.5.5a.dfsg.1-6etch1. For the old stable distribution (sarge), this problem was not present. We recommend that you upgrade your kdebase package.