There is no known problem with ISPConfig security. If you claim that there is a security problem, you should proove this and provide a bit more info.
Did you had a look at the logfiles and /etc/passwd and /etc/shadow?
And by the way, you forgot how many ISPConfig installations are out there. If 2 installations of several ten thousand have the same issue, it is statistical just a coincidence.