The old password is likely stored in an encrypted form in the credential file, which is located at: [Windows Profile]\AppData\Roaming\Microsoft\Credentials\[Random ID] and [Windows Profile]\AppData\Local\Microsoft\Credentials\[Random ID] That said, it will be in an encrypted form. There are ways to decrypt credential files but I am not going to publicly provide ways to do that for obvious reasons. The password hash or salted password encryption file could also be stored in the [Windows Profile]\Application Data directory in the TEC Vista folder. A salted password cannot be reverted back to a readable string, however.
Thank you for the help, much appreciated. I'm sorry but I forgot to mention one important thing, this is on Windows NT 4.0. The file structure is obviously quite different from anything that came after it, even W2000 as I recall it. Anyway, you gave me some ideas for what to look/search for.
We found out that the program adds a space " " if no new password is entered. In hindsight, this makes sense. Thanks for your help!