Shalom,
Still don't know what you mean by an embedded password.
There is no mechanism to check user password used while logged in.
If you obtain permission from your management, you can do what I used to do at prior jobs.
I took a copy of the /etc/passwd file and ran crack against it.
When it guessed user passwords, I reported to management that password guidelines were not being followed. I was not permitted to use /etc/default/security to enforce guidelines. Go figure.
I can provide you with instructions and code to compile to run crack on your password file.
Another trick I used was looking at last and lastb output.
Many of my users in Chicago were fond of the password Cubs1 or cubs1. Perhaps it was due to the ineptitude of that baseball club.
But I digress, Sometimes these brilliant users typed their password instead of their user name, showed up in lastb output. Then I tried that password with a telnet/ssh login and reported the users.
I didn't like being a snitch, but was ordered to maintain security and saw the logic of it.
If you want instructions on how to use crack, obtain management permission (highly recommended) and post back, perhaps do some reasonable interim point assignment and myself or someone else will provide you instructions on how to do it.
A google search of itrc forums will also provide you these instructions, I have posted them before.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
