diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java b/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java
index 1c0efc71bb3c5d1b583f79810700804a17403d72..f9db9270af6a758ce55f80068e683c4bc218164c 100644
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java
@@ -22,7 +22,6 @@
 */
 package net.jami.jams.server.servlets.api.admin.users;
 
-import com.jsoniter.JsonIterator;
 import com.jsoniter.output.JsonStream;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.annotation.WebServlet;
@@ -32,18 +31,13 @@ import jakarta.servlet.http.HttpServletResponse;
 import net.jami.jams.common.authentication.AuthenticationSourceType;
 import net.jami.jams.common.dao.StatementElement;
 import net.jami.jams.common.dao.StatementList;
-import net.jami.jams.common.jami.NameRegistrationRequest;
-import net.jami.jams.common.objects.requests.CreateAuthSourceRequest;
 import net.jami.jams.common.objects.responses.DeviceRevocationResponse;
 import net.jami.jams.common.objects.user.User;
-import net.jami.jams.common.objects.user.UserProfile;
 import net.jami.jams.common.utils.PasswordGenerator;
 import net.jami.jams.server.core.workflows.RevokeUserFlow;
 
 import java.io.IOException;
-import java.security.SecureRandom;
 import java.util.HashMap;
-import java.util.stream.Collectors;
 
 import static net.jami.jams.server.Server.dataStore;
 import static net.jami.jams.server.Server.nameServer;
@@ -85,9 +79,7 @@ public class UserServlet extends HttpServlet {
     protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IOException {
         String username = req.getParameter("username");
         //Check if he is AD/LDAP - then return a 403, because we can't set such password.
-        StatementList select = new StatementList();
-        StatementElement st = new StatementElement("username","=",username,"");
-        if(dataStore.getUserDao().getObjects(select).get(0).getUserType() != AuthenticationSourceType.LOCAL){
+        if(dataStore.getUserDao().getObjects(null).get(0).getUserType() != AuthenticationSourceType.LOCAL){
             resp.sendError(500,"The user is not a local user, therefore we cannot change his data!");
             return;
         }
diff --git a/jams-server/src/main/resources/webapp/js/api.js b/jams-server/src/main/resources/webapp/js/api.js
index e478fa83e21b01f374ae7881693ccdd999bbf4e4..4ce765f07ecdc432eb6c4a40f8e19c62e0df6e11 100644
--- a/jams-server/src/main/resources/webapp/js/api.js
+++ b/jams-server/src/main/resources/webapp/js/api.js
@@ -39,7 +39,7 @@ var api_path_rename_device = '/api/auth/device';
 var api_path_get_server_status = '/api/info';
 var api_path_get_post_configuration_auth_service = '/api/configuration/authservice';
 var api_path_get_post_configuration_global_settings = '/api/configuration/globalsettings';
-var api_path_post_configuration_change_password = '/api/configuration/changepassword';
+var api_path_post_configuration_change_password = '/api/admin/user';
 var api_path_post_configuration_register_license = '/api/subscription';
 var api_path_get_subscription_status = '/api/admin/subscription';
 var api_path_get_directories = '/api/auth/directories';
@@ -84,7 +84,7 @@ function ajaxApiCall(api_path, request_type, data, credentials, callBackFunction
     if (data) {
         if (api_path == api_path_get_user_directory_search || api_path == api_path_get_auth_user_search ||
            (api_path == api_path_post_create_user && request_type == 'POST') || api_path == api_path_post_update_user
-           || api_path == api_path_get_auth_devices)
+           || api_path == api_path_get_auth_devices || api_path == api_path_post_configuration_change_password)
             isSearch = true;
 
         // search dataType
diff --git a/jams-server/src/main/resources/webapp/js/config.js b/jams-server/src/main/resources/webapp/js/config.js
index 4552f209704dd8fb459808b3c6e8d3da90417fdd..27e91c2b9027ecf1f2f309c90078e7c1108cd890 100644
--- a/jams-server/src/main/resources/webapp/js/config.js
+++ b/jams-server/src/main/resources/webapp/js/config.js
@@ -319,11 +319,13 @@ $("#form-change-password").submit(function (event) {
       $('#changePasswordTitle').before('<div class="configMessage" id="configMessageError"><i class="fa fa-exclamation-circle" aria-hidden="true"></i>New password must be different from the current password.</div>');
     }
     else if (newPassword == inputConfirmPassword && oldPassword != null) {
-      jsonData = {
-        "oldPassword": oldPassword,
-        "newPassword": newPassword
-      }
-      ajaxApiCall(api_path_post_configuration_change_password, 'POST', jsonData, null, changePasswordHandler, null);
+
+      var username = '';
+      var tokenJSON = JSON.parse(atob(window.localStorage.getItem('access_token').split('.')[1]));
+      if (tokenJSON.scope == "ADMIN")
+            username = tokenJSON.sub;
+
+      ajaxApiCall(api_path_post_configuration_change_password+ "?username=" + username + "&password=" +  newPassword, 'PUT', null, null, changePasswordHandler);
     }
     else {
       $('.configMessage').remove();