I wanted to provide some additional information regarding this issue.
1. We have a custom registration screen which bypasses CB registration screen but still uses CB protocols to save the data.
2. I think I've solved the issue. This was happening b/c our "password" field was set to to not show in registration and that caused CB to automatically generate a password (it assumed a password was not provided).
By enabling the password field in the registration, I think our issue has been resolved.
Onto the next problem