It is possible for the Blue Coat Director to accept users to login without any password. This could happen when the user's password is removed from the Director configuration, such as the example below :
username thisUser privilege 15
no username thisUser password
To ensure that the Director is secured from accounts without passwords, perform a "show running" command and ensure that there are no "no username User_name_here password" entries are present.
If such entries are present, configure a password for the affected account through the "username test password new_password_here" command :
director (config) # username test password ?