In case this happens to you - I've had issues in the past with symbols in passwords, I think ones with & or ; if I recall. They sometimes give delimiter errors (I may be remembering incorrectly, or this may have been mobile exclusive, just something to keep in mind..)
For the issue you posted, if you're not too concerned with security why not add another plain text attribute (pwdTxt) and then user.pwdTxt=GENERATE_PWD(10,10,0,10,0) and then user.password=user.pwdTxt. That way you can use pwdTxt in the url perhaps..
First whenever if we assign any value to Password attribute, AwareIM automatically convert text password to encrypted md5 value. So what you are seeing long value is correct.
Second what Steve had suggested above is another way of doing which will sure work in your scenario. It is better to encrypt the whole url parameters which also contains the actual password value.
Thanks guys! I think the mystery is solved. I didn't realize that the password was already encrypted in md5 and the special characters could cause a problem. I'll add an attribute to also save the temp password unencrypted as you suggested. That's not a major security issue since it's only a temp password and the user-defined password will not be exposed.