We are facing a similar issue where vRA 7 randomly passes an invalid password to vRO when calling a WF. In our case it's the password for our IPAM service account which is set as endpoint credentials. To work around this, we have temporarily hard coded the password as an attribute in our IPAM WF instead of using the value passed from vRA 7.
Did you ever find a solution to this issue? I am facing the exact same issue and any help would be appreciated if you got this resolved.