Passwords are not stored directly in the database but rather as an MD5 hash of the password. If you know the password of any user - for example, you when you post on your forum - you will be able to update the database and set the user_password field to your password. Then you can change it.
Do do this you'll need to use some sort of tool to be able to select from and insert into the database. I'm afraid that I'm not at all familiar with hsqldb so I'm not familiar the command line tools. I have a command line database interface that might work though I haven't tested it with hsqldb. [originally posted on jforum.net by stdunbar]