This problem came in picture when client ran penetration tests on Service Manager 12.3.3 (and 12.2.2) and figured out how the AE does the authentication for the connection to the Service Manager: it uses a undocumented password parameter with a timestamp value.
This can be done by the user directly by using a timestamp via CLI as well:
UCYBSMCl.exe -c GET_PROCESS_LIST -h FE0VM1134 -n AE12EUP5 -p $((GetDate).ToUniversalTime().ToString("yyyMMdd$([char]0x01)HHmmss"))
So the user can basically authenticate without a password.
To change this behavior/security hole we would have to adapt the SMGR, AE, and provide a way to manage passwords. Its resolved in AE-26648.