Sounds more like a bug than a backdoor. I would think spaces aren't an allowed character. Likely their validation regex didn't expect a series of spaces, and this edge case not being caught, somehow allows access.
Developers put these kinds of bypasses into login code quite frequently. When you're testing and fixing bugs typing in a password over and over gets old. As the poster above noted, the code is usually surrounded by conditional compilation directives, or otherwise marked as not being permissible in a production build.
Spaces are in fact often, if not always, an allowed character for passwords, at least in Microsoft/Windows systems. See "Use Spaces in Your Windows Password for Extra Security"[1].