diff --git a/lib/middleware.js b/lib/middleware.js
index 245deb6..db41a80 100644
--- a/lib/middleware.js
+++ b/lib/middleware.js
@@ -33,6 +33,10 @@ function verifyViewOnlyUser(req, res, next) {
 if (req.method === 'GET') {
 return next();
 }
+ // current user is changing their password which shuould be allowed
+ if (req.body?.old_password && req.body?.new_password) {
+ return next();
+ }
 // Check if user is read-only
 if (req.user && !!req.user.is_view_only) {
 const upError = new UserPermissionError('User has view-only access');
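Review bot: The added exemption in verifyViewOnlyUser keys only on the request body, so any non-GET request that carries truthy `old_password` and `new_password` fields returns `next()` before the view-only check below it, whatever route it targets. Body fields are supplied by the caller, so this exempts far more than a password change. The condition should identify the password-change endpoint itself, for example `if (req.method === 'POST' && req.path === PASSWORD_CHANGE_PATH) { return next(); }`, where `PASSWORD_CHANGE_PATH` is a placeholder because the real route is not visible in this hunk; alternatively the exemption could move out of this middleware and onto that route alone. The comment would then read `// the password-change route is exempt from the view-only check`, which also fixes the "shuould" typo. The function body continues past the end of the hunk, so whether later code narrows this is not visible here.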