all 0.0.0.0 clients are auth failed clients, it will not get SSID service.
once client connect AP with wrong password, it will disappear as 0.0.0.0 until user input correct password.
And IAP will keep auth failed clients for several mins and then delete it by IAP check period.
for you set SSID password back to old one, i think clients auto connect the AP with old password and got IP from APs.