Comment by TZubiri

Interesting. I guess you could do it on the frontend by asking for old and new passwords simultaneously and sending the hashes to the backend.

That said, it means that you can skip this check by hacking around the front end check haha