Password updates work perfectly fine in all versions of DNN using OWS (up through 7.3.1) with the currently active release. The issue you are bumping into is specifically related to how you have your instance configured in regards to password storage. If you are using Hashed passwords, rather than Encrypted passwords in the configuration - they are not capable of being decrypted. Take a look in your SiteSettings > User Account Settings > Registration Settings - it will list "Password Retrieval Enabled". I suspect yours says "False". You can change to the Encrypted password format and specifically enable or disable this feature from within your web.config file. From an OWS perspective, there is nothing I can do to override that aspect of your DNN instance.