Really idiotic of Avaya/Lucent to have put the dumb backdoor in there in the first place.
Well, there has to be a backdoor to get into the system when the admin pass is not known. The Partner Messaging works the same way only those backdoors are not as well known YET. Don't blame Avaya, blame the internet. This is a perfect example of why we will not give out passwords here but will offer to reset your system for you.
As for your situation, can you think of anybody who would want to maliciously change the admin password? Sounds to me like it was done by someone in your office who thought it should be changed or by mistake. This is a new system. Check around, it's always the case that no one will own up to it but I wouldn't suspect a hacker.
-Hal