diff --git a/src/server/v2.0/handler/user.go b/src/server/v2.0/handler/user.go
index 13a73cb47..cf9bfc573 100644
--- a/src/server/v2.0/handler/user.go
+++ b/src/server/v2.0/handler/user.go
@@ -316,7 +316,12 @@ func (u *usersAPI) UpdateUserPassword(ctx context.Context, params operation.Upda
 if err := requireValidSecret(newPwd); err != nil {
 return u.SendError(ctx, err)
 }
- ok, err := u.ctl.VerifyPassword(ctx, sctx.GetUsername(), newPwd)
+ user, err := u.getUserByID(ctx, uid)
+ if err != nil {
+ log.G(ctx).Errorf("Failed to get user profile for uid: %d, error: %v", uid, err)
+ return u.SendError(ctx, err)
+ }
+ ok, err := u.ctl.VerifyPassword(ctx, user.Username, newPwd)
 if err != nil {
 log.G(ctx).Errorf("Failed to verify password for user: %s, error: %v", sctx.GetUsername(), err)
 return u.SendError(ctx, errors.UnknownError(nil).WithMessage("Failed to verify password"))
diff --git a/src/server/v2.0/handler/user_test.go b/src/server/v2.0/handler/user_test.go
index cc7e11c39..f4b5cfb9f 100644
--- a/src/server/v2.0/handler/user_test.go
+++ b/src/server/v2.0/handler/user_test.go
@@ -8,6 +8,7 @@ import (
 "github.com/stretchr/testify/suite"
 
 "github.com/goharbor/harbor/src/common"
+ commonmodels "github.com/goharbor/harbor/src/common/models"
 "github.com/goharbor/harbor/src/server/v2.0/models"
 "github.com/goharbor/harbor/src/server/v2.0/restapi"
 usertesting "github.com/goharbor/harbor/src/testing/controller/user"
@@ -37,9 +38,16 @@ func TestRequireValidSecret(t *testing.T) {
 type UserTestSuite struct {
 htesting.Suite
 uCtl *usertesting.Controller
+
+ user *commonmodels.User
 }
 
 func (uts *UserTestSuite) SetupSuite() {
+ uts.user = &commonmodels.User{
+ UserID: 1,
+ Username: "admin",
+ }
+
 uts.uCtl = &usertesting.Controller{}
 uts.Config = &restapi.Config{
 UserAPI: &usersAPI{
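Review bot: The error log on the `VerifyPassword` failure path in `UpdateUserPassword` (user.go, last context lines of the hunk) still prints `sctx.GetUsername()`, the caller, while the check now runs against `user.Username`. When an administrator changes another account's password, that log entry will name the wrong account; suggest `log.G(ctx).Errorf("Failed to verify password for user: %s, error: %v", user.Username, err)` so the record matches the account that was actually checked. The new `getUserByID` error is also passed unchanged to `SendError`; if it can distinguish a missing uid from other failures, confirm that the permission check earlier in the function (outside this hunk) always runs first so the response does not reveal which ids exist. The function body starts and ends outside the hunk.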
@@ -70,8 +78,8 @@ func (uts *UserTestSuite) TestUpdateUserPassword() {
 {
 url := "/users/1/password"
 uts.Security.On("Can", mock.Anything, mock.Anything, mock.Anything).Return(true).Times(1)
- uts.Security.On("GetUsername").Return("admin").Times(1)
 
+ uts.uCtl.On("Get", mock.Anything, mock.Anything, mock.Anything).Return(uts.user, nil).Times(1)
 uts.uCtl.On("VerifyPassword", mock.Anything, "admin", "Passw0rd").Return(true, nil).Times(1)
 res, err := uts.Suite.PutJSON(url, &body)
 uts.NoError(err)
@@ -80,8 +88,8 @@ func (uts *UserTestSuite) TestUpdateUserPassword() {
 {
 url := "/users/1/password"
 uts.Security.On("Can", mock.Anything, mock.Anything, mock.Anything).Return(true).Times(1)
- uts.Security.On("GetUsername").Return("admin").Times(1)
 
+ uts.uCtl.On("Get", mock.Anything, mock.Anything, mock.Anything).Return(uts.user, nil).Times(1)
 uts.uCtl.On("VerifyPassword", mock.Anything, "admin", mock.Anything).Return(false, nil).Times(1)
 uts.uCtl.On("UpdatePassword", mock.Anything, mock.Anything, mock.Anything).Return(nil)
 res, err := uts.Suite.PutJSON(url, &body)
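Review bot: The mocked `Get` in both updated cases of `TestUpdateUserPassword` (the `-70,8` and `-80,8` hunks) matches every argument with `mock.Anything`, so the test never asserts that the handler looks up the id taken from `/users/1/password`. The fixture user is also named "admin", the same value the removed `GetUsername` mock returned, so the `"admin"` expectation on `VerifyPassword` does not by itself show that the name comes from the looked-up account. Consider pinning the id argument (presumably the second one, e.g. `uts.uCtl.On("Get", mock.Anything, 1, mock.Anything)`). A case where the fixture has a distinct, constructed name such as `Username: "target"`, asserted in the `VerifyPassword` expectation, would cover the second gap. Both test bodies continue outside the hunks.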