Comment by lysp

I went to change my password on a forum site that I had not used in a few years. My old password was really weak - think "abc123" or something similar.

I logged in and then attempted to change my password to my new standard of 20+ character upper/lower/symbol. The problem was, they'd upgraded their forum software, and there was a bug that added password strength validation to the "old" password field.

So I was putting in:

Old: abc123 New: sZp10VzIoZI9g143

And was getting the error message "error: your password must be 8+ characters long". After about 10 minutes of frustration and realising they had both client and server validation I went down a similar route as you and used forgot-password even though I knew the password.