Cisco: how to encrypt line console password only?

I can't say for sure.  But have you tried:

Turn on service password-encryption.  Turn off service password-encryption.  Reconfigure your other passwords but leave that one alone.

Also you might try to use levels. I have never applied it as you require but you can give it a try.
Router(config)# privilege mode level level
command-string
Configures the specified privilege level to allow
access to the specified command.
Step 2 Router(config)# enable secret level level {0 |5}
password-string
Sets the password for the specified privilege level.
This is the password users will enter after entering the
enable level command to access the specified level.
• 0 indicates an unencrypted password string
follows; 5 indicates an encrypted password string
follows.

More here.

I'm not altogether sure you can? just use AAA then theres no passwords there at all.

I believe that once password encryption is turned off, that the passwords retain the encrypted information.  So the author should be able to turn it on, turn it off, and reset the other passwords.

Use secret vs service password encryption, if you just google crack Cisco password encryption there are a ton of sites out there that you can decrypt a level 7 password encryption.

Or make sure you use password-encryption aes