Brian,

The app uses sp_executesql, this is from the profiler that I just ran for the PW change. The password I submitted to the app was completely different.

execute sp_executesql N'sp_password NULL, ''milm434567'', ''test'''

Disclamer # 1: I create cases with the vendor for a number of years to improve handling logins.

Disclamer # 2 I know that dynamic statements are not safe.