diff --git a/app/Controller/UserCredentialController.php b/app/Controller/UserCredentialController.php
index 23e7edba1..ae52a13c4 100644
--- a/app/Controller/UserCredentialController.php
+++ b/app/Controller/UserCredentialController.php
@@ -43,6 +43,10 @@ class UserCredentialController extends BaseController
 
         list($valid, $errors) = $this->userValidator->validatePasswordModification($values);
 
+        if (! $this->userSession->isAdmin()) {
+            $values['id'] = $this->userSession->getId();
+        }
+
         if ($valid) {
             if ($this->userModel->update($values)) {
                 $this->flash->success(t('Password modified successfully.'));
diff --git a/app/Validator/UserValidator.php b/app/Validator/UserValidator.php
index fe402c47f..041390a36 100644
--- a/app/Validator/UserValidator.php
+++ b/app/Validator/UserValidator.php
@@ -116,6 +116,10 @@ class UserValidator extends BaseValidator
         $v = new Validator($values, array_merge($rules, $this->commonPasswordValidationRules()));
 
         if ($v->execute()) {
+            if (! $this->userSession->isAdmin() && $values['id'] != $this->userSession->getId()) {
+                return array(false, array('current_password' => array('Invalid User ID')));
+            }
+
             if ($this->authenticationManager->passwordAuthentication($this->userSession->getUsername(), $values['current_password'], false)) {
                 return array(true, array());
             } else {