The SSH server is using a weak password. Acunetix was able to guess the credentials required to access this resource.
A weak password is short, common, a system default, or something that could be rapidly guessed by executing a brute force attack using a subset of all possible passwords, such as words in the dictionary, proper names, words based on the user name or common variations on these themes.
Enforce a strong password policy. Don't permit weak passwords or passwords based on dictionary words.