diff --git a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs
index befbc5b5e7..6e738df9be 100644
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs
@@ -125,7 +125,7 @@ public class AbpResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
 if (user.ShouldChangePasswordOnNextLogin)
 {
- await HandleShouldChangePasswordOnNextLoginAsync(context, user);
+ await HandleShouldChangePasswordOnNextLoginAsync(context, user, context.Password);
 return;
 }
@@ -200,10 +200,9 @@ public class AbpResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
 }
 }
- protected virtual async Task HandleShouldChangePasswordOnNextLoginAsync(ResourceOwnerPasswordValidationContext context, IdentityUser user)
+ protected virtual async Task HandleShouldChangePasswordOnNextLoginAsync(ResourceOwnerPasswordValidationContext context, IdentityUser user, string currentPassword)
 {
 var changePasswordToken = context.Request?.Raw?["ChangePasswordToken"];
- var currentPassword = context.Request?.Raw?["CurrentPassword"];
 var newPassword = context.Request?.Raw?["NewPassword"];
 if (!changePasswordToken.IsNullOrWhiteSpace() && !currentPassword.IsNullOrWhiteSpace() && !newPassword.IsNullOrWhiteSpace())
 {
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
index 3d86d4ebcf..3e9168e7fb 100644
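Review bot: Replacing the two-parameter `protected virtual HandleShouldChangePasswordOnNextLoginAsync(context, user)` with a three-parameter signature removes the overload that downstream subclasses may already override; the call site in the first hunk now binds to the new method, so any existing `(context, user)` override would silently stop being invoked. Keeping the old shape as a forwarding overload preserves the extension point, e.g. `[Obsolete("Use the overload that takes currentPassword.")] protected virtual Task HandleShouldChangePasswordOnNextLoginAsync(ResourceOwnerPasswordValidationContext context, IdentityUser user) => HandleShouldChangePasswordOnNextLoginAsync(context, user, context.Password);`. The same concern applies to the `TokenController` handler hunk in the openiddict file. The method body continues past the end of this hunk, so the token verification and password change it performs are not visible here.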
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs
@@ -104,7 +104,7 @@ public partial class TokenController
 if (user.ShouldChangePasswordOnNextLogin)
 {
- return await HandleShouldChangePasswordOnNextLoginAsync(request, user);
+ return await HandleShouldChangePasswordOnNextLoginAsync(request, user, request.Password);
 }
 errorDescription = "You are not allowed to login! Your account is inactive or needs to confirm your email/phone number.";
@@ -215,10 +215,9 @@ public partial class TokenController
 }
 }
- protected virtual async Task HandleShouldChangePasswordOnNextLoginAsync(OpenIddictRequest request, IdentityUser user)
+ protected virtual async Task HandleShouldChangePasswordOnNextLoginAsync(OpenIddictRequest request, IdentityUser user, string currentPassword)
 {
 var changePasswordToken = request.GetParameter("ChangePasswordToken")?.ToString();
- var currentPassword = request.GetParameter("CurrentPassword")?.ToString();
 var newPassword = request.GetParameter("NewPassword")?.ToString();
 if (!changePasswordToken.IsNullOrWhiteSpace() && !currentPassword.IsNullOrWhiteSpace() && !newPassword.IsNullOrWhiteSpace())
 {
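Review bot: The new `currentPassword` parameter is undocumented, and the behavioural shift it carries is easy to miss: the handler no longer reads the `CurrentPassword` request parameter, so a client that still sends it is silently ignored and the value used is the grant password passed from the call site (`request.Password`). An XML doc on the method would make the contract explicit, e.g. `/// <param name="currentPassword">The password the resource-owner password grant was submitted with; the raw "CurrentPassword" request parameter is no longer consulted.</param>`. Assuming the grant password was already verified earlier in the flow (outside this hunk), the `!currentPassword.IsNullOrWhiteSpace()` check is presumably always satisfied now, so the guard effectively gates on `ChangePasswordToken` and `NewPassword` alone. The same documentation gap exists in the `AbpResourceOwnerPasswordValidator` handler hunk; the method body continues past the end of this hunk.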