Blank sa password. Got SQL. Admin. Got Server. Escalate. Got Domain.
This scenario I actually covered in my recent SQL Connections presentation on SQL Server security. I've seen it happen to an organization. Thankfully it happened during a penetration test and was easily remediated. This is why, when you do these sorts of things (changing passwords), you have someone going behind to verify.