While migrating users from a foreign system into the Member table, a bug surfaced in the way password hashes are handled.
It seems Security::encrypt_password() doesn't differentiate between:
1. plaintext passwords needing hashing for the first time (`Salt` is NULL)
2. hashed but unsalted passwords (`Salt` is empty string '')
This can be fixed in:
$salt = ($salt) ? $salt : $e->salt($password);
$salt = isset ($salt) ? $salt : $e->salt($password);