If you know what the error codes mean and don't care about the text, you can create an enforcement profile that returns %{Authentication:ErrorCode}. This way you'll get all errors, not just incorrect password.
Enforcement rule would read:
Authentication Status EQUALS Failed
<ErrorCode-enforcement-profile>