The same password values (on the Current Password, New Password, Confirm New Password fields) in the "login_cpw.do" page is accepted upon submission. - Known Error

The same password values (on the Current Password, New Password, Confirm New Password fields) in the "login_cpw.do" page is accepted upon submission. Description The same password values (on the Current Password, New Password, Confirm New Password fields) in the "login_cpw.do" page is accepted upon submission. Steps to Reproduce

Login on to an instance. Set user user profile to have the Password needs reset checked. Password needs reset = true. Logout Login as user Click Login , and redirect to https:// .service-now.com/nav_to.do?uri=/login_cpw.do Enter the values for Current Password , New Password , Confirm New Password . Validation is applied and needs to enter the valid password. Once done, as user , Access the .service-now.com/login_cpw.do " rel="nofollow">https:// .service-now.com/login_cpw.do Enter the the same values for the fields Current Password, New Password, Confirm New Password . Click Submit

No error was thrown and it accepts the same values of the password. Workaround Add the following codes in the ValidatePasswordStronger installation exit, particularly after line# 10. https:// .service-now.com/nav_to.do?uri=sys_installation_exit.do?sys_id=45c28b420a0a0b840009e5cf4a185462

var current_password = request.getParameter("user_password_current"); if(!(GlideStringUtil.nil(user_password) && GlideStringUtil.nil(current_password)) && user_password == current_password) { gs.addErrorMessage("The new password must be different from the current password"); return false; }