Brian,
The app uses sp_executesql, this is from the profiler that I just ran for the PW change. The password I submitted to the app was completely different.
execute sp_executesql N'sp_password NULL, ''milm434567'', ''test'''
Disclamer # 1: I create cases with the vendor for a number of years to improve handling logins.
Disclamer # 2 I know that dynamic statements are not safe.
Regards,Yelena Varsha