You will notice you can set a null or "" empty pw in UT constructor.
However you can pass a " " space or spaces.  It appears, however, that the
either the server side or client side does a Trim() on the SendPlainText pw
(not sure which).  However, it is clear that the server side conciders empty
password string to be invalid and does not attempt to start the
Authenticator.  This was probably a security concern.  Naturally, you have
to wonder what the point of a empty password is to begin with.  However,
Windows accounts allow an empty password, so one would think it should work
the same way for WSE.  Moreover, not sure the Trim() behavior is correct
here as I may indeed what to have leading/trailing spaces in a password for
some reason.  As a workaround, if the client password is really "" empty,
then pass something like "Empty" instead (or some other const string that
both sides agree on).

In WSE 2.0 you can do this by defining a custom security filter class derived
from the 'SecurityInputFilter' class and override the ProcessMessage()
function, in your classes processMessage() function check the SoapEnvelope to
see if the password is not null or empty and then call base.ProcessMessage()
( this will do the Authnetication/Authorization for you), if password is
empty then skip the call to base.processmessage().
Also change web.config to define your CustomFilter.

The filter will be called everytime a call is made to any of the WebMethod
in the WS.