When auditing is configured and enabled, and the sp_audit option 'cmdtext' is set, system stored procedure and command password parameters are replaced with a fixed length string of asterisks in the audit records contained in the audit logs.
For example, executing:
sp_password 'oldpassword', 'newpassword'
when auditing is enabled and sp_audit cmdtext is set, results in output similar to:
sp_password '******', '******'
This protects passwords from being seen by other with access to the audit log.
