When auditing is configured and enabled, and the sp_audit option 'cmdtext' is set, system stored procedure and command password parameters are replaced with a fixed length string of asterisks in the audit records contained in the audit logs.
For example, execute the following when auditing is enabled and sp_audit cmdtext is set:
alter login johnd with password oldpasswd modify password 'newpasswd'
The command results in output similar to:
alter login johnd with password ****** modify password '******'
This protects passwords from being seen by other with access to the audit log.
