Under some condition user's pasword may be logged by NET$SESSION_CONTROL module.
vulners.com/securityvulns/securityvulns:doc:14106