Able to login with expired password even after forcefully asked to change it

[nkumars]

There is a way to reproduce this case and the steps are as follows:

1. Set the password as expired
2. Try to login with the same user account
3. Will now show the password change form
   • Fill in expired password in the Current password
   • Fill in the same expired password in the new and confirm password
4. This will show an error something like, "You can't use the same password as the current one".
5. Now cancel the login and retry logging in with the same expired password, this time it doesn't show the force password reset form, rather directly logs the user in

There is something strange with this flow and possible went unnoticed to test and fix this issue. We are using Page layout version 2.1.0

--

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 9a2f1cda-e84e-1204-4f9e-6a061280e577
• Version Independent ID: bd341ac4-db08-0f55-bfa2-cb820fc37b5d
• Content: Configure password complexity requirements - Azure AD B2C
• Content Source: articles/active-directory-b2c/password-complexity.md
• Service: active-directory
• Sub-service: b2c
• GitHub Login: @kengaderdus
• Microsoft Alias: kengaderdus

[YashikaTyagii]

Thanks for your feedback! We will investigate and update as appropriate.

[Givary]

@nkumars Apologies for the delay, we are investigating on this issue and will revert back to you.

[nkumars]

@Givary, you could let me know if you need further details like a screen recording, I can even share.

[nkumars]

@Givary, any update on this, you can share please? I don't understand why was this closed.