by rgo 4454 days ago
Not sure, but I had a similar bug once due to a trim() combined with an out-of-order string length check. But that would imply that Xbox Live does not allow passwords with spaces or something.
1 comments

Maybe leading and/or trailing spaces.

Conjecture here, but maybe the code checks the length as greater than 0, and then trims the string. Depending on how the string comparison is performed, that empty string might pass.

This can't be the Xbox Live account password, because surely that is sending hashes over the wire and not plaintext. Maybe the parental controls don't have the same kind of security, but I don't know that it is needed.
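
The check-then-trim ordering conjectured in this thread, as an added example that is not part of the original comments and not code from any real service. The function names, the sample secret and the length-limited comparison are all assumptions chosen to show how a whitespace-only input could pass, next to a corrected ordering.

```javascript
// Constructed example: every name and value here is hypothetical.

// Length-limited comparison: only the first supplied.length characters are
// compared, so an empty supplied value matches any stored value.
function prefixEquals(stored, supplied) {
  for (let i = 0; i < supplied.length; i++) {
    if (stored[i] !== supplied[i]) return false;
  }
  return true;
}

// Full comparison: lengths must match and every character is examined.
function fullEquals(stored, supplied) {
  if (stored.length !== supplied.length) return false;
  let diff = 0;
  for (let i = 0; i < stored.length; i++) {
    diff |= stored.charCodeAt(i) ^ supplied.charCodeAt(i);
  }
  return diff === 0;
}

// Flawed order: the emptiness check sees the raw input, trim() runs afterwards.
function checkFlawed(stored, input) {
  if (input.length === 0) return false; // "   " has length 3, so it gets through
  const candidate = input.trim();       // candidate is now ""
  return prefixEquals(stored, candidate);
}

// Corrected order: normalize first, validate the value that is actually
// compared, then compare over the full length.
function checkFixed(stored, input) {
  const candidate = input.trim();
  if (candidate.length === 0) return false;
  return fullEquals(stored, candidate);
}

const STORED = "hunter2"; // constructed sample secret
console.log(checkFlawed(STORED, "   ")); // whitespace-only input accepted
console.log(checkFixed(STORED, "   "));  // rejected after normalization
```

A regression test for this class of bug feeds empty, whitespace-only and prefix-only inputs to the verifier and expects a rejection for each.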